From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from bytemark.thekelleys.org.uk (bytemark.thekelleys.org.uk [213.138.109.107]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by huchra.bufferbloat.net (Postfix) with ESMTPS id 5E92021F5D0 for ; Fri, 9 Jan 2015 08:49:55 -0800 (PST) Received: from [31.108.134.64] (helo=[192.168.87.210]) by bytemark.thekelleys.org.uk with esmtpa (Exim 4.80) (envelope-from ) id 1Y9ckx-0001XB-VQ; Fri, 09 Jan 2015 16:49:52 +0000 Message-ID: <54B006AA.5060503@thekelleys.org.uk> Date: Fri, 09 Jan 2015 16:49:46 +0000 From: Simon Kelley User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 MIME-Version: 1.0 To: Dave Taht References: <535EACCB.7090104@thekelleys.org.uk> <20140428232459.GA55372@redoubt.spodhuis.org> <535FA793.8020502@thekelleys.org.uk> <542E6C43.9030002@mit.edu> <54AEB183.7050000@thekelleys.org.uk> <54AEC775.7070101@thekelleys.org.uk> In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Cc: dnsmasq-discuss , "cerowrt-devel@lists.bufferbloat.net" , Anders Kaseorg Subject: Re: [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014 X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Jan 2015 16:50:24 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 An interesting observation: my IPv6 connectivity is via a sixXS tunnel. Resolving isc.org through dnsmasq w/DNSSEC to google's IPv6 DNS servers times out, because dnsmasq was never getting a reply to a query for the DNSKEY RRset for org. This reply (when signed) is 1600-or-so bytes. running dnsmasq with --edns-packet-max=1280 makes it work. The tunnel MTU is 1280 Simon. On 09/01/15 08:52, Dave Taht wrote: > I was able to lock up this version of dnsmasq twice: 100% cpu > usage. No syscalls were visible from strace during the lockup. > Lockups occurred once on nearly at boot, and the second time, after > a few hours of casual usage, with only ipv6 upstreams, on > cero-3.10.50-1. > > furthermore, the only thing that kills it is a kill -9. I will > build a non-stripped version in the morning... (and I do note that > I was testing two things - one ipv6 upstreams only, and two, > dnssec. Prior to this version I was using both ipv4 and ipv6 > upstreams, no issues, had dnssec on also, usually no issues) > > Other suggestions for debugging the causes of a lockup requested > (log all queries?) > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJUsAapAAoJEBXN2mrhkTWi6BMP/jXXRw3lQ9vuX28lut4VUsz8 yuVhPB8nQYpewXAT3LRxd33C7mVI6hQfbxcA192Mh7/4N66yAp91a3jeRZTe5pW6 nUS+GDGfXQXNZoVFbeQZrUQEyJ7QF1tj1TqXncp9lbYPGUFWrlruM3r0kDfHEYIb hHZ7oO/LWg6sYTg5JkidbogL7QwFG97cZ5+6I4++rFTe+rrtfgKRIMSDP4kY+azU vqzTOzQfwM69TfCPFjm/iJ8AStH8Y99lhORMyK/0F7kSODI0c3fPkcYLDaqslq/S 0GnhWIscAle0FoKG1CUErrUXESN1Q9dn4SKqrzeoRB4494n8tP0QykvmlgkcR/fx orAxbvshTpWZaNzo0D6fjd9Pk81fFH2jTB6hFz3O1e67+2DOK5wqrOm4+vLU2Kke gPthCsGDD5s6CcYs93gUfufzjZAllNvCgouvUZJMDWK2YQoMRLTHyGozz/wNeUV5 qI0aZTrXXluUQNaWxs326C4Ej02UXztE4rrPXb1YRiPzyFC0TZSNdco0tv0l/yru oZQ1s6VFvqrqy7aNHeh/TyjFDEC2OqRVIXvuNOe1SECgjActLTOzxaOhOqfvqgjc 10Py3aZz8Tm40pixW4Q7LCm++QOB770NwzhLMjQ4jvvCEo5ua5dNsMA7whVX6Spf pVw5V1h6KX4QDNbfZmeC =HAlX -----END PGP SIGNATURE-----