https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216867
Bug ID: 216867
Summary: IPFW workstation rules block DNSSEC resulting in DNS failure on freebsd.org domains
Product: Base System
Version: 11.0-RELEASE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: conf
Assignee: freebsd-bugs@FreeBSD.org
Reporter: freebsd-b...@rsle.net
CC: freebsd-am...@freebsd.org

The default IPFW "workstation" rules seem to block fragmented packets caused by DNSSEC, in turn causing DNS to fail for some domains (including freebsd.org subdomains) when DNS resolution is performed locally (using BIND or Unbound).

Fix: The addition of the IPFW rule "ipfw add reass udp from any to any in" to /etc/rc.firewall, under type workstation, fixes the issue.

This issue was discussed at: https://forums.freebsd.org/threads/48760/