Re: [Cerowrt-devel] DNSSEC failure for *.cloudflare.com via dnsmasq?

Development issues regarding the cerowrt test router project
 help / color / mirror / Atom feed

From: Robert Bradley <robert.bradley1@gmail.com>
To: Michael Richardson <mcr@sandelman.ca>
Cc: cerowrt-devel <cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] DNSSEC failure for *.cloudflare.com via dnsmasq?
Date: Sat, 12 Apr 2014 22:27:24 +0100	[thread overview]
Message-ID: <5349AFBC.1080101@gmail.com> (raw)
In-Reply-To: <26014.1397336061@sandelman.ca>

[-- Attachment #1: Type: text/plain, Size: 3060 bytes --]

On 12/04/2014 21:54, Michael Richardson wrote:
> Robert Bradley <robert.bradley1@gmail.com> wrote:
>     >> Did I understand that your dnsmasq is using 8.8.8.8 as it's upstream
>     >> forwarder, so your results are filtered through google?
>
>     > Yes, that's right.
>
> I think that there is some interaction between dnsmasq doing DNSSEC, and
> Google DNS doing it as well.  Can you try with some other open resolver that
> does not do DNSSEC resolution?

Switching to using 4.2.2.2 seems to work fine.  This may well be limited
to particular networks and servers though given that these are anycast
servers and Cloudflare is a CDN:

root@cerowrt:~# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets
 1  *  *  *
 2  leed-core-2a-xe-1121-0.network.virginmedia.net (82.15.94.65)  9.146
ms  6.761 ms  7.251 ms
 3  manc-bb-1d-ae8-0.network.virginmedia.net (213.105.159.249)  7.819
ms  11.558 ms  7.666 ms
 4  manc-bb-2a-ae3-0.network.virginmedia.net (62.254.42.117)  13.453 ms 
49.300 ms  12.830 ms
 5  manc-bb-1c-ae2-0.network.virginmedia.net (62.254.42.114)  7.613 ms 
7.063 ms  7.924 ms
 6  tele-ic-3-ae0-0.network.virginmedia.net (212.43.163.70)  13.606 ms 
13.478 ms  14.151 ms
 7  tele-ic-2-ge-301-0.inet.ntl.com (212.250.14.105)  46.178 ms  51.208
ms  50.896 ms
 8  209.85.244.182 (209.85.244.182)  22.786 ms  209.85.244.184
(209.85.244.184)  14.510 ms  209.85.244.182 (209.85.244.182)  39.937 ms
 9  209.85.253.94 (209.85.253.94)  14.654 ms  209.85.245.2
(209.85.245.2)  19.117 ms  14.333 ms
10  66.249.95.173 (66.249.95.173)  29.301 ms  72.14.242.166
(72.14.242.166)  19.458 ms  20.342 ms
11  72.14.238.217 (72.14.238.217)  53.472 ms  72.14.238.41
(72.14.238.41)  20.340 ms  20.248 ms
12  *  *  *
13  google-public-dns-a.google.com (8.8.8.8)  18.814 ms  19.262 ms 
20.023 ms

root@cerowrt:~# traceroute 4.2.2.2
traceroute to 4.2.2.2 (4.2.2.2), 30 hops max, 38 byte packets
 1  *  *  *
 2  leed-core-2a-xe-1121-0.network.virginmedia.net (82.15.94.65)  6.979
ms  6.162 ms  5.474 ms
 3  manc-bb-1d-ae8-0.network.virginmedia.net (213.105.159.249)  6.553
ms  32.480 ms  7.849 ms
 4  manc-bb-2a-ae3-0.network.virginmedia.net (62.254.42.117)  13.485 ms 
13.117 ms  13.461 ms
 5  brhm-bb-2a-ae1-0.network.virginmedia.net (62.254.42.49)  9.660 ms 
9.528 ms  14.095 ms
 6  *  brhm-bb-1c-ae0-0.network.virginmedia.net (62.254.42.110)  9.213 ms  *
 7  213.161.65.149 (213.161.65.149)  14.674 ms  15.765 ms  15.385 ms
 8  4.68.70.77 (4.68.70.77)  15.200 ms  15.055 ms  15.223 ms
 9  vl-3603-ve-227.csw2.London1.Level3.net (4.69.166.153)  13.883 ms 
vl-3504-ve-118.csw1.London1.Level3.net (4.69.166.141)  18.986 ms 
vl-3502-ve-116.csw1.London1.Level3.net (4.69.166.133)  20.304 ms
10  ae-234-3610.edge5.london1.Level3.net (4.69.166.53)  13.229 ms 
ae-124-3510.edge5.london1.Level3.net (4.69.166.37)  18.553 ms 
ae-123-3509.edge5.London1.Level3.net (4.69.166.33)  20.394 ms
11  b.resolvers.Level3.net (4.2.2.2)  14.764 ms  14.026 ms  15.251 ms

-- 
Robert Bradley



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 899 bytes --]

next prev parent reply	other threads:[~2014-04-12 21:27 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-04-12 11:06 Robert Bradley
2014-04-12 11:11 ` Toke Høiland-Jørgensen
2014-04-12 11:53   ` Robert Bradley
2014-04-12 12:02     ` Toke Høiland-Jørgensen
2014-04-12 12:24       ` Robert Bradley
2014-04-12 19:06         ` Dave Taht
2014-04-12 19:07         ` Michael Richardson
2014-04-12 20:30           ` Robert Bradley
2014-04-12 20:54             ` Michael Richardson
2014-04-12 21:27               ` Robert Bradley [this message]
2014-04-12 11:13 ` Robert Bradley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5349AFBC.1080101@gmail.com \
    --to=robert.bradley1@gmail.com \
    --cc=cerowrt-devel@lists.bufferbloat.net \
    --cc=mcr@sandelman.ca \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox