On 21/06/11 11:36, Daisuke HIGASHI wrote:
Hi, Wouter. Thanks to reply.
2011/6/20 W.C.A. Wijngaards<[email protected]>:
The reponses for this query, the DNSKEY and the A responses are over 3
Kb. You likely have path MTU trouble. Something is wrong with your
fragments. Perhaps you own firewall is set to stop UDP fragments?
You are right. -- my firewall (modem) handles fragments incorrectly.
It seems that my firewall denies all fragments until first fragment
(offset=0) arrives. Most times first fragment from vip.icann.org does
not arrives first at my network. I don't know why but always packets
may be reordered...
Older versions of the Linux kernel used to deliberately send fragments
in reverse order. There are some (not very compelling) arguments that
this is optimal, but it was uncommon so changed in kernel 2.4 IIRC.
Regardless, the firewall is of course broken.
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
