[Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

Simon Kelley simon at thekelleys.org.uk
Fri Jan 9 11:49:46 EST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

An interesting observation: my IPv6 connectivity is via a sixXS tunnel.

Resolving isc.org through dnsmasq w/DNSSEC to google's IPv6 DNS
servers times out, because dnsmasq was never getting a reply to a
query for the DNSKEY RRset for org. This reply (when signed) is
1600-or-so bytes. running dnsmasq with --edns-packet-max=1280 makes it
work.

The tunnel MTU is 1280


Simon.





On 09/01/15 08:52, Dave Taht wrote:
> I was able to lock up this version of dnsmasq twice: 100% cpu
> usage. No syscalls were visible from strace during the lockup.
> Lockups occurred once on nearly at boot, and the second time, after
> a few hours of casual usage, with only ipv6 upstreams, on
> cero-3.10.50-1.
> 
> furthermore, the only thing that kills it is a kill -9. I will
> build a non-stripped version in the morning... (and I do note that
> I was testing two things - one ipv6 upstreams only, and two,
> dnssec. Prior to this version I was using both ipv4 and ipv6
> upstreams, no issues, had dnssec on also, usually no issues)
> 
> Other suggestions for debugging the causes of a lockup requested
> (log all queries?)
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUsAapAAoJEBXN2mrhkTWi6BMP/jXXRw3lQ9vuX28lut4VUsz8
yuVhPB8nQYpewXAT3LRxd33C7mVI6hQfbxcA192Mh7/4N66yAp91a3jeRZTe5pW6
nUS+GDGfXQXNZoVFbeQZrUQEyJ7QF1tj1TqXncp9lbYPGUFWrlruM3r0kDfHEYIb
hHZ7oO/LWg6sYTg5JkidbogL7QwFG97cZ5+6I4++rFTe+rrtfgKRIMSDP4kY+azU
vqzTOzQfwM69TfCPFjm/iJ8AStH8Y99lhORMyK/0F7kSODI0c3fPkcYLDaqslq/S
0GnhWIscAle0FoKG1CUErrUXESN1Q9dn4SKqrzeoRB4494n8tP0QykvmlgkcR/fx
orAxbvshTpWZaNzo0D6fjd9Pk81fFH2jTB6hFz3O1e67+2DOK5wqrOm4+vLU2Kke
gPthCsGDD5s6CcYs93gUfufzjZAllNvCgouvUZJMDWK2YQoMRLTHyGozz/wNeUV5
qI0aZTrXXluUQNaWxs326C4Ej02UXztE4rrPXb1YRiPzyFC0TZSNdco0tv0l/yru
oZQ1s6VFvqrqy7aNHeh/TyjFDEC2OqRVIXvuNOe1SECgjActLTOzxaOhOqfvqgjc
10Py3aZz8Tm40pixW4Q7LCm++QOB770NwzhLMjQ4jvvCEo5ua5dNsMA7whVX6Spf
pVw5V1h6KX4QDNbfZmeC
=HAlX
-----END PGP SIGNATURE-----



More information about the Cerowrt-devel mailing list