Message-ID: <5357F55C.1030500@gmail.com>
Date: Wed, 23 Apr 2014 18:16:12 +0100
From: Robert Bradley
To: cerowrt-devel@lists.bufferbloat.net
In-Reply-To: <5357EDE7.2000409@gmail.com>
Subject: Re: [Cerowrt-devel] [Dnsmasq-discuss] more dnssec failures

On 23/04/2014 17:44, Robert Bradley wrote:
> This looks identical to the *.cloudflare.com issue I had last week. In
> both cases, using Level 3's 4.2.2.2 instead of Google DNS works fine,
> and 8.8.8.8 returns SERVFAIL for DS lookups. This looks like a bug in
> Google's DNS servers as opposed to dnsmasq...

Digging into this further, it looks like the issue occurs for domain names where an A record exists but a DS record does not. In the case where the A/AAAA record is non-existent, (e.g. dscc.akamaiedge.net.0.1.cn.akamaiedge.net. instead of e3191.<...> or non-existent.cloudflare.com), you get the expected NOERROR or NXDOMAIN response.

It would be worth testing this on a non-dual-stacked host or a subdomain without related A/AAAA records too.

-- 
Robert Bradley
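
Added example (not part of the original message or of dnsmasq): Python that builds a DS query with the DNSSEC OK bit set and classifies the response into the outcomes the message distinguishes (SERVFAIL versus NOERROR with no DS, or NXDOMAIN). The function names, the transaction ID and the sample response headers are constructed for illustration; query() needs network access and is not used by the offline samples.

```python
import struct

DS, OPT = 43, 41  # RR type codes: DS (RFC 4034), OPT (RFC 6891)
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_ds_query(name, txid=0x1234):
    """DS query with RD set and an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", DS, 1)
    # OPT RR: root name, type 41, UDP size 4096, ext-rcode 0, version 0,
    # flags with DO (0x8000), empty RDATA
    opt = b"\x00" + struct.pack("!HHBBHH", OPT, 4096, 0, 0, 0x8000, 0)
    return header + question + opt

def classify(response, txid=0x1234):
    """Map a response header to the outcomes discussed in the message."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to this query")
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    if rcode == "NOERROR" and ancount == 0:
        return "NODATA"  # name exists but has no DS: an unsigned delegation
    return rcode

def query(server, name, timeout=3.0):
    """Send the DS query over UDP and classify the reply (needs network)."""
    import socket
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ds_query(name), (server, 53))
        return classify(s.recv(4096))

def sample_response(rcode, ancount=0, txid=0x1234):
    """Constructed header-only response (QR, RD, RA set) for offline use."""
    return struct.pack("!HHHHHH", txid, 0x8180 | rcode, 0, ancount, 0, 0)

if __name__ == "__main__":
    # Constructed samples: the reported behaviour versus the expected one.
    for label, resp in [("reported", sample_response(2)),
                        ("expected", sample_response(0))]:
        print(label, classify(resp))
```
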