Re: apt temporary failure resolving deb.debian.org

[Tim Woodall <debianuser@woodall.me.uk>]

On Mon, 10 Apr 2023, Tim Woodall wrote:

> On Mon, 10 Apr 2023, Lee wrote:
>
> > Why are you using google as forwarders ?
>
> To eliminate as many variables as possible.
>
> delv talking to google works.
>
> delv talking to bind talking to google fails.
>
> When talking directly, delv is using udp to talk to google
> When talking via bind, bind is using tcp.
>
> And while google acks the DNSKEY request from bind, the data is not
> received. The seqnence number jumps from 1 on the ACK of the query to
> 1636 on the FIN where google closes the connection.
>
> Thats 1635 bytes of data gone missing.

I managed to reproduce this talking to a remote bind server that I can
control, running tcpdump on both ends.

The DNS response was 1661 bytes split into two TCP packets with TCP
segment len of 1208 and 455 (The other two bytes are the DNS response
length itself)

My router (at least I assume it's my router) is then dropping them.

Change to use a non-standard port for the remote dns resolver and it
works.