From Klaus at Ethgen.de Sun Jul 4 21:59:17 2010 From: Klaus at Ethgen.de (Klaus Ethgen) Date: Sun, 4 Jul 2010 20:59:17 +0100 Subject: fiaif and DNSSEC Message-ID: <20100704195916.GA16498@ikki.ethgen.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello, I am using fiaif for years now. Recently I slipped into a very difficult problem. The main registrar for my country, nic.ch, switched to DNSSEC in September 2009. Since then I was not able anymore to resolve names in there zone. After many tests I did find two sources for problems. One is bind itself which seems to have problems with that big packages. The other is fiaif which forbids fragmented UDP packages. (I finally found a note about that on the web page of debian but not in the documentation of fiaif.) As the package of the nic.ch zone is much more big than all other zones which uses dnssec that one will not fit into the package size of 1480 Bytes (MTU 1500) so I cannot resolve it anymore. By the way, I searched where this limitation is done in iptables but didn't success. There is no such rule in the iptables however I find one rule about fragmentation in the sanity_check.sh: "IPTABLES -t ${TABLE} - -A ${QUEUE} -p icmp --fragment -j LOG_DROP" But that is not relevant for DNS. Is there any way to allow fragmented UDP packages at all or, better, for DNSSEC only? Regards Klaus Ps. Please hold me in Cc as I am not subscribet to the list and cannot find the list on gmane. - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTDDoFJ+OKpjRpO3lAQoXVgf+MLh866gtcHCJqGtN0sIGbExi9ITKhmdk McawrRcOZKOXCRN8/8rDFWljQopWjwqPfWcn+RlZYQFGzI2Rvc9lc6IKp+A4bM5s 7xkpyg12aA4Z5Nnjra6bb57gGSZWbNqBdIE3Cukcwb2Rztn8vBAlfPcfr6NpincQ +eiPveuoyyn38VItuMLYEo/TaEXh7D6bz5j487/JUWSFOCq+Ko3JNksdmBNeky41 Z0kLeBv/pyLSkY9u1Xvxws46oCgRFmpvNNmJwYgqmzTl1z2dIsvCvBujkDO4D718 pe4ppQ5mjxl2eCen5wqFA9hez95k3EP4t8JXF5T3o4NkjC4Kagyd+g== =57k4 -----END PGP SIGNATURE----- From sebastian.belter at gmx.de Tue Sep 14 00:53:01 2010 From: sebastian.belter at gmx.de (sebastian.belter at gmx.de) Date: Tue, 14 Sep 2010 00:53:01 +0200 Subject: Name removal / output rules and ping post References: 000b01c504a9$b05e95a0$0300a8c0@knut Message-ID: <1929630632.20100914005301@gmx.de> Hi there, Please remove my name from an old post of mine and/or replace it with my alias of Clark Kent. I was asking about specific output rules and I got great help. Thanks for that. However, that post refers to post ususally used by emule. As of late I have run into legal trouble with a law firm, who are massively prosecuting filesharers for their own game. I am a bit paranoid now about them gathering information on my real name to play me. Please remove my real name from the follwing websites: http://www.fiaif.net/pipermail/fiaif/2005q1/001097.html http://www.fiaif.net/pipermail/fiaif/2005q1/001098.html http://www.fiaif.net/pipermail/fiaif/2005q1/001099.html Thank you very much. Sebastian From m_white at srhshealth.com Mon Nov 22 02:25:23 2010 From: m_white at srhshealth.com (Erin Brock) Date: Mon, 22 Nov 2010 10:25:23 +0900 Subject: You have new message! Message-ID: <870331866.44916869152933@srhshealth.com> Get a Degree in 4 tooovf9yp 6 Weeks with ou58cur provda8vmzkgram! ~We onpvcuelnoffer a pro94c6smigram that will help ANYogjpNE with pro3elfessiorsttjs1hnal experience get a 100% verified Degree: Dof8zoj1xctofhrk7rate (PHD), Bacheloq5o9vrs, Masters - Think abosyhikqphut it... Within a few weeks, yon0elu can becovely6ydme a cox1o7t5illege graduate!- Fobv1llospw Yot0drhUR Dreams- Live a better life by earning on2r upgrading yog3cour degree This is a rare chance toyc make a right mo8elyve and receive yopn7wszur due benefits... if yoush6u are qualified but are lacking that piece otzn3gmkf paper, Get o21ane froy96r4m us in a fractionpn ouxf the time. ~CALL Fo91R A FREE Cor0tfo4sNSULTATIo7rohN~ 1-801-461-5023 It is yobi114ur moa6i2k2xkve... Make the right decisio5w8hwzn. Due to3i3hrj6v time zogywel5qkne variatiotelfns acro4d5rss the co533usuntry, a representative may no1rt be in the ossumjiw3ffice at the time oqtvamf yonvnyur call. If that is the case please leave us a message with yomd263ur name and pho1belmne number and we will get back to2t yocmjp7nu as soow6o4mvn as po1uissible. Domvkf Nohabgelyt Reply tovcq6wx this Email. We do1gs00b2 noo6pt reply toqtj text inquiries, and o2pz2ur server will reject all respohg2wnse traffic. We apo1axlo6nqc4dsgize foik92el2ar any incop2cbysc7nvenience this may have caused yo4btsynwu. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gkumarigate at apac.ko.com Sat Nov 27 18:36:37 2010 From: gkumarigate at apac.ko.com (G Santosh Kumar 'igate' -C-) Date: Sat, 27 Nov 2010 23:06:37 +0530 Subject: Which port for VPN? Message-ID: An HTML attachment was scrubbed... URL: