From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <simon@thekelleys.org.uk>
Received: from bytemark.thekelleys.org.uk (bytemark.thekelleys.org.uk
	[213.138.109.107])
	(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
	(Client did not present a certificate)
	by huchra.bufferbloat.net (Postfix) with ESMTPS id F28AA21F67F
	for <cerowrt-devel@lists.bufferbloat.net>;
	Sat, 10 Jan 2015 07:37:19 -0800 (PST)
Received: from [31.108.134.64] (helo=[192.168.87.210])
	by bytemark.thekelleys.org.uk with esmtpa (Exim 4.80)
	(envelope-from <simon@thekelleys.org.uk>)
	id 1Y9y6E-0005My-9V; Sat, 10 Jan 2015 15:37:14 +0000
Message-ID: <54B14723.7090208@thekelleys.org.uk>
Date: Sat, 10 Jan 2015 15:37:07 +0000
From: Simon Kelley <simon@thekelleys.org.uk>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: Dave Taht <dave.taht@gmail.com>
References: <CAGhGL2BeuvR4bNqWbTF5FfNnwW0LC28-z_MJsCQLpb8izHK2oA@mail.gmail.com>	<CAA93jw6ukYcBSEdubFbqoT20MdLLdXHZUbU6Hq+gLWNCaCTY6Q@mail.gmail.com>	<CAA93jw4D790r=UD0uKjfWZ2vDGO6u+dQG0GdYXbPXrTeiZWxYw@mail.gmail.com>	<CAA93jw6+sfWqiLc3LgyNufRixUz_f9TCSpxf+aGoLo0cq-PZWw@mail.gmail.com>	<535EACCB.7090104@thekelleys.org.uk>	<20140428232459.GA55372@redoubt.spodhuis.org>	<535FA793.8020502@thekelleys.org.uk>	<542E6C43.9030002@mit.edu>	<alpine.DEB.2.10.1410041743400.37760@buzzword-bingo.mit.edu>	<54AEB183.7050000@thekelleys.org.uk>	<CAA93jw76qUbcV8XVUzPnosqQ+HuSXGSaR2Cg8303Ahn-NocWFg@mail.gmail.com>	<54AEC775.7070101@thekelleys.org.uk>	<CAA93jw7wyGGhE6kQYe8E9Mia6vk1FJXmkfUvYWP0eRoMs2jpUw@mail.gmail.com>	<CAA93jw6QvqRruhrFgzh9djXywwRwEBN-N4dA+e2_f4E9EoCC8Q@mail.gmail.com>	<54B006AA.5060503@thekelleys.org.uk>
	<CAA93jw6GVYS=DrkG4V9qBA1-QtxwasgzO45jBuKabt5DdQF_0w@mail.gmail.com>
In-Reply-To: <CAA93jw6GVYS=DrkG4V9qBA1-QtxwasgzO45jBuKabt5DdQF_0w@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Cc: dnsmasq-discuss <dnsmasq-discuss@thekelleys.org.uk>,
	"cerowrt-devel@lists.bufferbloat.net"
	<cerowrt-devel@lists.bufferbloat.net>, Anders Kaseorg <andersk@mit.edu>
Subject: Re: [Cerowrt-devel] Problems with DNSsec on Comcast,
 with Cero 3.10.38-1/DNSmasq 4-26-2014
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Sat, 10 Jan 2015 15:37:48 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

OK, that's useful, but not good. The last thing DNSSEC/IPv6 needs is
yet another reason why network access which used to work now doesn't.

edns-packet-max=1280 seems to be working fine here. Please let me know
if you find anything more.

Cheers,

Simon.



On 09/01/15 21:34, Dave Taht wrote:
> I strongly suspect an ipv6 fragmentation handling bug in the
> kernel version cerowrt uses. Have tons of evidence pointing to that
> now, starting with some tests run last year from iwl and also the
> tests that netalyzer was doing. And: I just locked up the box
> completely while doing some dnssec stuff.
> 
> will go through kernel git logs and see what has happened there
> since 3.10.50.
> 
> Turning on the edns-packet-max feature now, however, as I lack time
> to poke into this in more detail, and we're supposed to be testing
> dnssec as it is....
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUsUcjAAoJEBXN2mrhkTWigEgP/id/tK0SSnRlrnwazoNe1aCg
jgJ0MyDHAxtKhqJgDPniMyScld185lCQ5nE87k6YM2EOW2Os5G4Xos15Pg8R+s8c
Nd5OD0R/sPWnIjD7f8JKN8RndYNBqB5kUiT/OErDW6R0AR+G5kkvMjMppDPUVpPL
JZ+8xckaeIfOSC/x18thRgc2IczLOmzo9cgXgA7PieV70+Zi3nN6ALOc62xeiizU
sAje24z/lBC9J9B+rTnhs3LuL8CCTcMFxqIv66vaNvrCCSvSk5mV4JR6bqHz2U8X
UNo3fXogjNKhFU1n1EeQPKSmb8okoCmtDXZxGCw8HNqmp9tVm2k9LyUFZnc/ojGA
bnF2/h/vwX3FxJE9BZ0rBNFdwn63RO5LYAt54iyRW78NhoWgsp7BZEdsU0R1j6/V
/FpEGXvLRAQ6Iof9sVLMHEVXrIXvEZOHFv0dm5BnIBxIEtKGaNnMRIYV8B0/cpwT
PFcgyTUxYt7tLaRBbnxgVPT9pBcTnUj9WkAifAE4cs82X5FDZP3ht/jOGb84vkU0
H5fxILYgzj7qfbMOIJdpCjjZ9WgK5pwVpid6KtUntL1kQRawn809gWHrdM1Gwg5z
QW/qB2U2VGJ+bCcMIPzbD4H8Ka0j2pbiYpRMlKTXWEdqXSOrvSRX2IpQeDUxu717
dRCGR0Pgyz+VSjoJ8wyY
=A4Ct
-----END PGP SIGNATURE-----