[dns-operations] Strange problem with fragmented DNS responses from b.iana-servers.net
sthaug at nethelp.no
Tue Dec 9 10:53:58 UTC 2008
> I've had some private replies with suggestions such as:
>
> - My money would be on a stateless perimeter firewall eating the UDP fragment
>
> - Is there a chance the fragments don't get the proper Ethernet padding?
>
> - What happens when you ping with large packets
>
> These are good suggestions but don't explain why I get fragments from server 'C' but
> not from server 'B' for only this one query name.
I receive (fragmented) replies both from B and C. Very occasionally
the reply from B is reordered on the way, i.e. I receive the second
fragment (which doesn't contain port numbers) first. Such a reordering
could presumably cause problems for stateful firewalls...
Steinar Haug, Nethelp consulting, sthaug at nethelp.no
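
The reordering described in the message above, as an added illustration that is not part of the original post: only the first IPv4 fragment carries the UDP header, so a filter that tracks flows by port cannot attribute a second fragment that arrives first unless it buffers or reassembles. The addresses, ports, IP ID and payload size are constructed sample values, and `classify` is a hypothetical simplification of a stateful filter, not any product's logic.

```python
import struct

def ipv4_fragment(ident, offset, more, payload, src="192.0.2.1", dst="198.51.100.7"):
    """Minimal IPv4 header (no options, checksum left at 0) plus payload."""
    flags_off = (0x2000 if more else 0) | (offset // 8)   # MF bit + offset in 8-byte units
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_off, 64, 17, 0,               # TTL 64, protocol 17 = UDP
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr + payload

def make_fragments():
    """Constructed sample: a 1600-byte DNS answer from port 53, split at 1480 bytes."""
    dns = bytes(1600)
    udp = struct.pack("!HHHH", 53, 40000, 8 + len(dns), 0) + dns
    return (ipv4_fragment(0x1234, 0, True, udp[:1480]),
            ipv4_fragment(0x1234, 1480, False, udp[1480:]))

def classify(packets):
    """Attribute each packet, in arrival order, to a UDP flow.

    Ports are readable only at fragment offset 0; later fragments can be
    matched solely through (src, dst, proto, IP ID) learned from the first one.
    """
    seen, verdicts = {}, []
    for pkt in packets:
        ihl = (pkt[0] & 0x0F) * 4
        ident, flags_off = struct.unpack("!HH", pkt[4:8])
        offset = (flags_off & 0x1FFF) * 8
        key = (pkt[12:16], pkt[16:20], pkt[9], ident)
        if offset == 0:
            ports = struct.unpack("!HH", pkt[ihl:ihl + 4])
            seen[key] = ports
            verdicts.append(("ports",) + ports)
        elif key in seen:
            verdicts.append(("matched-by-ip-id",) + seen[key])
        else:
            # No port numbers in this fragment and no state yet to match it against.
            verdicts.append(("unclassifiable", None, None))
    return verdicts

if __name__ == "__main__":
    first, second = make_fragments()
    print("in order :", classify([first, second]))
    print("reordered:", classify([second, first]))
```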