From: Simon Kelley <simon@thekelleys.org.uk>
To: Dave Taht <dave.taht@gmail.com>
Cc: dnsmasq-discuss <dnsmasq-discuss@thekelleys.org.uk>,
"cerowrt-devel@lists.bufferbloat.net"
<cerowrt-devel@lists.bufferbloat.net>,
Anders Kaseorg <andersk@mit.edu>
Subject: Re: [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014
Date: Fri, 09 Jan 2015 16:49:46 +0000 [thread overview]
Message-ID: <54B006AA.5060503@thekelleys.org.uk> (raw)
In-Reply-To: <CAA93jw6QvqRruhrFgzh9djXywwRwEBN-N4dA+e2_f4E9EoCC8Q@mail.gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
An interesting observation: my IPv6 connectivity is via a sixXS tunnel.
Resolving isc.org through dnsmasq w/DNSSEC to google's IPv6 DNS
servers times out, because dnsmasq was never getting a reply to a
query for the DNSKEY RRset for org. This reply (when signed) is
1600-or-so bytes. running dnsmasq with --edns-packet-max=1280 makes it
work.
The tunnel MTU is 1280
Simon.
On 09/01/15 08:52, Dave Taht wrote:
> I was able to lock up this version of dnsmasq twice: 100% cpu
> usage. No syscalls were visible from strace during the lockup.
> Lockups occurred once on nearly at boot, and the second time, after
> a few hours of casual usage, with only ipv6 upstreams, on
> cero-3.10.50-1.
>
> furthermore, the only thing that kills it is a kill -9. I will
> build a non-stripped version in the morning... (and I do note that
> I was testing two things - one ipv6 upstreams only, and two,
> dnssec. Prior to this version I was using both ipv4 and ipv6
> upstreams, no issues, had dnssec on also, usually no issues)
>
> Other suggestions for debugging the causes of a lockup requested
> (log all queries?)
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUsAapAAoJEBXN2mrhkTWi6BMP/jXXRw3lQ9vuX28lut4VUsz8
yuVhPB8nQYpewXAT3LRxd33C7mVI6hQfbxcA192Mh7/4N66yAp91a3jeRZTe5pW6
nUS+GDGfXQXNZoVFbeQZrUQEyJ7QF1tj1TqXncp9lbYPGUFWrlruM3r0kDfHEYIb
hHZ7oO/LWg6sYTg5JkidbogL7QwFG97cZ5+6I4++rFTe+rrtfgKRIMSDP4kY+azU
vqzTOzQfwM69TfCPFjm/iJ8AStH8Y99lhORMyK/0F7kSODI0c3fPkcYLDaqslq/S
0GnhWIscAle0FoKG1CUErrUXESN1Q9dn4SKqrzeoRB4494n8tP0QykvmlgkcR/fx
orAxbvshTpWZaNzo0D6fjd9Pk81fFH2jTB6hFz3O1e67+2DOK5wqrOm4+vLU2Kke
gPthCsGDD5s6CcYs93gUfufzjZAllNvCgouvUZJMDWK2YQoMRLTHyGozz/wNeUV5
qI0aZTrXXluUQNaWxs326C4Ej02UXztE4rrPXb1YRiPzyFC0TZSNdco0tv0l/yru
oZQ1s6VFvqrqy7aNHeh/TyjFDEC2OqRVIXvuNOe1SECgjActLTOzxaOhOqfvqgjc
10Py3aZz8Tm40pixW4Q7LCm++QOB770NwzhLMjQ4jvvCEo5ua5dNsMA7whVX6Spf
pVw5V1h6KX4QDNbfZmeC
=HAlX
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2015-01-09 16:49 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-28 16:55 Jim Gettys
2014-04-28 17:03 ` Dave Taht
2014-04-28 18:37 ` Dave Taht
2014-04-28 18:56 ` Dave Taht
2014-04-28 19:32 ` [Cerowrt-devel] [Dnsmasq-discuss] " Simon Kelley
2014-04-28 19:45 ` Aaron Wood
2014-04-28 23:24 ` Phil Pennock
2014-04-29 13:22 ` Simon Kelley
2014-04-29 20:57 ` Phil Pennock
2014-04-30 17:26 ` Dave Taht
2014-05-01 18:37 ` Simon Kelley
2014-05-01 20:26 ` Rich Brown
2014-05-01 22:27 ` Dave Taht
2014-05-02 14:30 ` Sebastian Moeller
2014-05-01 18:35 ` Simon Kelley
2014-05-02 16:40 ` James Cloos
2014-10-03 9:28 ` [Cerowrt-devel] " Anders Kaseorg
2014-10-03 17:28 ` Valdis.Kletnieks
2014-10-03 21:35 ` Anders Kaseorg
2014-10-04 21:45 ` Anders Kaseorg
2015-01-08 16:34 ` Simon Kelley
2015-01-08 17:44 ` Dave Taht
2015-01-08 18:07 ` Simon Kelley
2015-01-08 19:52 ` Dave Taht
2015-01-09 8:52 ` Dave Taht
2015-01-09 15:36 ` Simon Kelley
2015-01-09 16:49 ` Simon Kelley [this message]
2015-01-09 21:34 ` Dave Taht
2015-01-10 15:37 ` Simon Kelley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54B006AA.5060503@thekelleys.org.uk \
--to=simon@thekelleys.org.uk \
--cc=andersk@mit.edu \
--cc=cerowrt-devel@lists.bufferbloat.net \
--cc=dave.taht@gmail.com \
--cc=dnsmasq-discuss@thekelleys.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox