Web lists-archives.com

Re: BIND DNS problem after upgrading from Wheezy to Squeeze

On 27/12/2017 13:18, Bernhard Schmidt wrote:
Current BIND9 defaults to doing DNSSEC verification. DNSSEC needs large
packets. You might have an issue with UDP fragments being dropped at
your firewall/NAT Gateway?

Thanks for this tip. Looking into it I discovered TCP seems to be recommened for DNSSEC so Ive enabled TCP port 53  and so far not had a problem!