05-09-2013 12:12 PM - edited 05-22-2013 10:32 AM
Currently runnning 220.127.116.11 and I am testing for DNSsec support.
Notice that the defined svc-dns - appears to be basic udp port 53 rule.... but with just rule - DNSsec fails - appears the controller does not support large UDP frames - or UDP fragments?? if I add a rule to allow TCP 53 - DNSSec can failback to TCP - but should I have to do this?
Notice there is a DNS alg - but I don't know what this does....
Anyone else walk down this path before?
ok update to above.... I had made the assumption that the test I was running was meant to be pure UDP and basically test longer DNS (ie UDP 53 packets, fragments and continuations etc...) going through the controller - this apparently was not the case for the tests being run... and TCP was being used as well....
So at this point DNSSec appears to have no issues through the controllers... still don't know what the alg does