[Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

Dave Taht dave.taht at gmail.com
Fri Jan 9 16:34:49 EST 2015


I strongly suspect an ipv6 fragmentation handling bug in the kernel
version cerowrt uses. Have tons of evidence pointing to that now,
starting with some tests run last year from iwl and also the tests
that netalyzer was doing. And: I just locked up the box completely
while doing some dnssec stuff.

will go through kernel git logs and see what has happened there since 3.10.50.

Turning on the edns-packet-max feature now, however, as I lack time to
poke into this in more detail, and we're supposed to be testing dnssec
as it is....



More information about the Cerowrt-devel mailing list