This is for recursive, and our recursive got 10X more queries than our
authoritative ones, and we had to disable conntrack on our DNS servers last
summer by using raw table and everything works for IPv4 including
fragmentation, we just noticed fragment fails for IPv6 when using raw
table, query not

On Fri, Sep 30, 2016 at 11:55:18PM -0400, Larry Larson wrote:
> I've followed instructions in this BIND Knowledge base article and
> installed ip6tables on my DNS server, using raw table with no
> conntrack for DNS:
> https://kb.isc.org/article/AA-01183/0/Linux-connection-tracking-and-DNS.html

Greetings,
I've followed instructions in this BIND Knowledge base article and
installed ip6tables on my DNS server, using raw table with no conntrack for
DNS:
https://kb.isc.org/article/AA-01183/0/Linux-connection-tracking-and-DNS.html
But for IPv6 it drops fragmented packets, for example this qu