[OpenIndiana-discuss] OI IPv4 Stack setting DF flag on fragmented UDP packets

Markus Wernig listener at wernig.net
Mon Dec 4 18:01:26 UTC 2017


Hi all

I'm in the process of migrating from Solaris 11 to OpenIndiana, with which
I do not have much experience. Please bear with me.

I switched our DNS from Sol 11.3 to OI illumos-cd964fce75. After that, I
noticed that some reply packets sent by the new server would no longer
get through the firewalls. The reason appears to be that they are
fragmented, but still have the DF (don't-fragment) flag set. This happens
whenever a reply packet is larger than the interface's MTU (1500), which
is easily reached with any DNSSEC-enabled query.

Solaris in the same situation also fragments the reply packet, but does
not set the DF flag.

Does anybody know a way to change that behaviour? Found nothing in dladm
and ipadm, and this behaviour is weird.

Thx /markus
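
A check for the condition described in the message above (IPv4 fragments that still carry the DF bit), as an added example that is not part of the original post. The header bytes are constructed sample data using documentation addresses, and all function names are hypothetical.

```python
import struct

DF = 0x4000           # don't-fragment bit in the flags/fragment-offset field
MF = 0x2000           # more-fragments bit
OFFSET_MASK = 0x1FFF  # fragment offset, counted in 8-byte units


def build_ipv4_header(ident, flags_frag, total_len, proto=17,
                      src=b"\xc0\x00\x02\x01", dst=b"\xc6\x33\x64\x02"):
    """Build a constructed 20-byte IPv4 header (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident,
                       flags_frag, 64, proto, 0, src, dst)


def classify(header):
    """Describe the fragmentation state of one IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    df = bool(flags_frag & DF)
    mf = bool(flags_frag & MF)
    offset = (flags_frag & OFFSET_MASK) * 8
    # A packet is a fragment if more fragments follow or it is not the first.
    is_fragment = mf or offset > 0
    return {"id": ident, "df": df, "mf": mf, "offset": offset,
            "fragment": is_fragment, "df_on_fragment": df and is_fragment}


def find_df_fragments(headers):
    """Return the IP IDs of datagrams whose fragments also carry DF."""
    return sorted({c["id"] for c in map(classify, headers)
                   if c["df_on_fragment"]})


# Constructed sample: one datagram fragmented with DF set (the reported
# behaviour), one fragmented without DF, and one unfragmented packet with DF.
SAMPLE = [
    build_ipv4_header(0x1A2B, DF | MF, 1500),   # first fragment, DF + MF
    build_ipv4_header(0x1A2B, DF | 185, 320),   # last fragment, DF, offset 1480
    build_ipv4_header(0x3C4D, MF, 1500),        # first fragment, no DF
    build_ipv4_header(0x3C4D, 185, 320),        # last fragment, no DF
    build_ipv4_header(0x5E6F, DF, 120),         # unfragmented, DF only
]

if __name__ == "__main__":
    for ident in find_df_fragments(SAMPLE):
        print(f"IP ID 0x{ident:04x}: fragment(s) with DF set")
```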


