-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 OK, that's useful, but not good. The last thing DNSSEC/IPv6 needs is yet another reason why network access which used to work now doesn't.
edns-packet-max=1280 seems to be working fine here. Please let me know if you find anything more. Cheers, Simon. On 09/01/15 21:34, Dave Taht wrote: > I strongly suspect an ipv6 fragmentation handling bug in the > kernel version cerowrt uses. Have tons of evidence pointing to that > now, starting with some tests run last year from iwl and also the > tests that netalyzer was doing. And: I just locked up the box > completely while doing some dnssec stuff. > > will go through kernel git logs and see what has happened there > since 3.10.50. > > Turning on the edns-packet-max feature now, however, as I lack time > to poke into this in more detail, and we're supposed to be testing > dnssec as it is.... > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJUsUcjAAoJEBXN2mrhkTWigEgP/id/tK0SSnRlrnwazoNe1aCg jgJ0MyDHAxtKhqJgDPniMyScld185lCQ5nE87k6YM2EOW2Os5G4Xos15Pg8R+s8c Nd5OD0R/sPWnIjD7f8JKN8RndYNBqB5kUiT/OErDW6R0AR+G5kkvMjMppDPUVpPL JZ+8xckaeIfOSC/x18thRgc2IczLOmzo9cgXgA7PieV70+Zi3nN6ALOc62xeiizU sAje24z/lBC9J9B+rTnhs3LuL8CCTcMFxqIv66vaNvrCCSvSk5mV4JR6bqHz2U8X UNo3fXogjNKhFU1n1EeQPKSmb8okoCmtDXZxGCw8HNqmp9tVm2k9LyUFZnc/ojGA bnF2/h/vwX3FxJE9BZ0rBNFdwn63RO5LYAt54iyRW78NhoWgsp7BZEdsU0R1j6/V /FpEGXvLRAQ6Iof9sVLMHEVXrIXvEZOHFv0dm5BnIBxIEtKGaNnMRIYV8B0/cpwT PFcgyTUxYt7tLaRBbnxgVPT9pBcTnUj9WkAifAE4cs82X5FDZP3ht/jOGb84vkU0 H5fxILYgzj7qfbMOIJdpCjjZ9WgK5pwVpid6KtUntL1kQRawn809gWHrdM1Gwg5z QW/qB2U2VGJ+bCcMIPzbD4H8Ka0j2pbiYpRMlKTXWEdqXSOrvSRX2IpQeDUxu717 dRCGR0Pgyz+VSjoJ8wyY =A4Ct -----END PGP SIGNATURE----- _______________________________________________ Cerowrt-devel mailing list [email protected] https://lists.bufferbloat.net/listinfo/cerowrt-devel
