[External] Re: intermittent resolution
marka at isc.org
Thu Oct 31 14:11:46 UTC 2013
In message <20131031114900.GB10055 at fantomas.sk>, Matus UHLAR - fantomas writes:
> On 30.10.13 21:58, Samp, Daniel [USA] wrote:
> >In the past when I've had issues with certain .gov sites (e.g. noaa.gov,
> > nih.gov, ssa.gov) it was due to application based filtering (layer 4).
> > For some reason the responses from these sites are more often than not
> > fragmented and if you have something doing filtering based on ports it may
> > not be delivering the follow-up fragments because they do not have the tcp
> > headers. Do a tcpdump of your DNS traffic from noaa.gov and check to see
> > if reponses are being fragmented and whether you are receiving all of the
> > fragments.
> > We had to set edns-udp-size to 512 as a workaround until we
> > could identify the problematic piece of hardware.
> this is a server option, not a client option. did you have to set this on
> your recursive servers, because HW between them and your clients was
edns-udp-size is for telling the server what size to send to you.
max-udp-size is for limiting response size sent to clients.
> If you did find the culprit, can you tell us who was it?
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> There's a long-standing bug relating to the x86 architecture that
> allows you to install Windows. -- Matthew D. Fuller
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users