hi i am testing 2 boxes on debian jessie with identical unbound configs (with the exception of 1 using forwarding to a dnscrypt resolver; this box does not suffer fragmentation)
both same wired LAN, they also both access the same gateway and firewall and essentially have same iptables rules i tested them using $ dig +short rs.dns-oarc.net txt 1st box seems ok (dnscrypt forwarding, do-not-query-localhost: no) rst.x4091.rs.dns-oarc.net. rst.x3837.rs.dns-oarc.net. rst.x3822.rs.dns-oarc.net. but the other sees fragmentation (direct access; no forwarding) rst.x1002.rs.dns-oarc.net. rst.x1432.rs.dns-oarc.net. rst.x1397.x1432.rs.dns-oarc.net. rst.x1403.x1432.rs.dns-oarc.net. what could i inspect for the issue ? what happens if the box suffering fragmentation is doing large DNSSEC querying/answering - will it revert to truncation and is that extraneous extra processing and therefore longer duration of time for dns processing ? _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
