On 04/22/10 18:48, Timothe Litt wrote:
> I get a "connection timed out; no servers could be reached" after the "Truncated, retrying in TCP mode" even with +bufsiz=512
I get a correct response when I use +bufsiz=512. After "Truncated, retrying in TCP mode" I get a response, but apparently you don't.
> I am not blocking tcp/53. In fact, telnet dns1.uspto.gov 53 will happily establish a connection :-) I'm on a fiber (Verizon FiOS business) circuit - given that others are seeing this over a wide geography, seems like the investigation needs to start closer to the .gov servers...
Certainly for the UDP fragmentation issue that's true. Everyone seems to be having that problem. But you seem to be the only one having the problem where you can't receive TCP even if you set a low bufsize. I can fall back to TCP just fine as long as I set a low bufsize.
> If you're into numerology, 1736 is 1500 + 236 -- with a 20 byte header on the 236, you get 256 for the fragment - which is mildly curious. Folks on DSL should remember that their magic number is less than 1500 bytes (1492 is common, as is 1453).
...which makes me think that there is a PMTUD issue in your situation. You can establish a TCP connection, but perhaps you receive a larger packet than you can actually receive and you can't signal that you can't receive such a packet because someone is blocking ICMP on the path between you and uspto.gov. Only a packet trace will even begin to yield some clues there.
*If* that's true, that, combined with the UDP fragment blockage just makes me think: "My, how we've gunked up the Internet."
michael
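An added example, not part of the original message: a small IPv4 fragmentation calculator that reproduces the 1500 + 256 split discussed above and shows how it shifts for the 1492 and 1453 byte MTUs mentioned for DSL. It assumes that 1736 is the total length of the IPv4 datagram and that the header is 20 bytes with no IP options; the function names are illustrative.

```python
IPV4_HEADER = 20   # assumption: IPv4 header without options
UDP_HEADER = 8


def fragment(total_len, mtu, header=IPV4_HEADER):
    """Split an IPv4 datagram of total_len bytes for a link with the given MTU.

    Returns a list of (payload_offset, fragment_total_len, more_fragments).
    Every fragment except the last must carry a multiple of 8 payload bytes,
    because the fragment offset field counts in 8-byte units.
    """
    if total_len <= mtu:
        return [(0, total_len, False)]
    per_fragment = (mtu - header) // 8 * 8
    if per_fragment <= 0:
        raise ValueError("MTU too small to carry any payload")
    payload = total_len - header
    fragments = []
    offset = 0
    while offset < payload:
        chunk = min(per_fragment, payload - offset)
        more = offset + chunk < payload
        fragments.append((offset, chunk + header, more))
        offset += chunk
    return fragments


def max_unfragmented_dns(mtu, header=IPV4_HEADER):
    """Largest DNS message that fits in one UDP datagram on this MTU.

    This is the ceiling for an advertised EDNS buffer size if the reply
    must cross the link without being fragmented.
    """
    return mtu - header - UDP_HEADER


if __name__ == "__main__":
    # 1736 is the figure from the thread; the MTUs are the ones it mentions.
    for mtu in (1500, 1492, 1453):
        sizes = [length for _, length, _ in fragment(1736, mtu)]
        print(f"MTU {mtu}: fragments {sizes}, "
              f"largest unfragmented DNS message {max_unfragmented_dns(mtu)}")
```

A reply that fits under `max_unfragmented_dns()` for the smallest MTU on the path never depends on fragments or ICMP "fragmentation needed" messages getting through, which is why a low bufsize sidesteps the UDP side of the problem.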