> On Jan 6, 2026, at 1:30 PM, Richard Laager via bind-users > <[email protected]> wrote: > > On 2026-01-06 14:23, Philip Prindeville via bind-users wrote: >> A lot of core routers do random drop on ICMP to avoid denial-of-service >> attacks since ICMP isn't fastswitched (i.e. it takes the CPU to process the >> packets instead of ASICs). >> At least that was the case 20 years ago when I was at Cisco. > > Sure, but isn't your MTR showing packet loss all the way to the final > destination? > > You had this: >> 12. ns-1707.awsdns-21.co.uk 66.1% 56 73.2 207.4 73.2 1275. >> 339.7
Well yes, yes it did. I noticed that if I disabled recursion it didn’t make any difference. Restarting the daemon I see: Jan 6 15:23:15 OpenWrt2 named[24658]: resolver priming query complete: timed out Jan 6 15:23:15 OpenWrt2 named[24658]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out And if I modify isc-dhcp to hand out 1.1.1.1 and 1.0.0.1 as name servers instead, things don’t work any better, so yeah… looks like a packet loss issue. Which is weird, because when speediest does manage to run, I sometimes see 630/95mbs … other times… 45/19mbs. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.
