named validating @0x...: ... SOA: no valid signature found
Casey Deccio
casey at deccio.net
Fri Jul 20 14:12:38 UTC 2012
On Fri, Jul 20, 2012 at 6:03 AM, Brian J. Murrell <brian at interlinx.bc.ca>wrote:
> On 12-07-20 08:34 AM, Brian J. Murrell wrote:
> >
> > The problem here seems to be fragmented UDP.
>
> I seem to have misdiagnosed this due to tcpdump peculiarities. I only
> initially saw/suspected the problem since my capture for port 53
> packets was including (only the first) ipv4 fragments. When adding a
> capture specifically to get all ipv4 fragments in addition to my port
> 53 packets, I do see all of the fragments.
>
>
Just because you see the fragments on the wire doesn't mean they're getting
past the local firewall and being reassembled. For example, if you're
using ip6tables on a Linux kernel <= 2.6.20 IPv6 fragments aren't allowed
through properly [1]. What OS/kernel are you using?
Casey
[1] See https://dnssec.surfnet.nl/?p=464
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120720/5a76d81c/attachment.html>
More information about the bind-users
mailing list