Maintained by: NLnet Labs

[Unbound-users] fragmentation

shmick at
Fri Sep 12 17:01:23 CEST 2014


I am testing 2 boxes on Debian jessie with identical unbound configs
(with the exception of 1 using forwarding to a dnscrypt resolver; this
box does not suffer fragmentation).

Both are on the same wired LAN; they also both access the same gateway and
firewall and essentially have the same iptables rules.

I tested them using

$ dig +short txt

The 1st box seems OK (dnscrypt forwarding, do-not-query-localhost: no),

but the other sees fragmentation (direct access; no forwarding).

What could I inspect for the issue?

What happens if the box suffering fragmentation is doing large DNSSEC
querying/answering - will it revert to truncation, and is that extraneous
extra processing and therefore a longer duration of time for DNS processing?