[dns-operations] Strange problem with fragmented DNS responses from b.iana-servers.net
Mark Andrews
Mark_Andrews at isc.org
Wed Dec 10 23:02:19 UTC 2008
In message <82fxkwksz2.fsf at mid.bfk.de>, Florian Weimer writes:
> > I receive (fragmented) replies both from B and C. Very occasionally
> > the reply from B is reordered on the way, i.e. I receive the second
> > fragment (which doesn't contain port numbers) first. Such a reordering
> > could presumably cause problems for stateful firewalls...
>
> Not likely. There are some stacks which consistently send the
> fragment at the highest offset first.
And there are some middleware boxes that can't handle
fragmented responses where the first fragment is not received
first. I know they exist as one of them is running the X
server I'm using right at this moment. It handles fragmented
packets that terminate on it. It doesn't handle fragmented
packets that are in response to NATed traffic.
Mark
>
> --
>
> Florian Weimer <fweimer at bfk.de>
> BFK edv-consulting GmbH http://www.bfk.de/
> Kriegsstraße 100 tel: +49-721-96201-1
> D-76133 Karlsruhe fax: +49-721-96201-99
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org