From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wi0-x22a.google.com (mail-wi0-x22a.google.com [IPv6:2a00:1450:400c:c05::22a]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 844A221F214 for ; Wed, 23 Apr 2014 10:29:19 -0700 (PDT) Received: by mail-wi0-f170.google.com with SMTP id bs8so75970wib.5 for ; Wed, 23 Apr 2014 10:29:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type; bh=amObsEuNzI5FKxFuMRt5LjY3460uDOqEXZkhAZfBUvc=; b=qptR0xnxI2eDh3jbigsDKb4UYHmPMt2GIzmHiiybTb+qLo87Ss8Wic+qmDcrV/e4gb BA+WqVU3sWiFqy5WAiXCO3eHz/rmUr1/4Lqy95HOaaE8f0LaxSA9uzNV0Ue/Z6dJRYOC 6ZLt8vUDOvrtlIBqPnDOIaNKCHoPZroQm5563b37d5yIchmkE5g9jNPrqqXBX0FRQF7S TtVWtEGcTlXGRz4n/dKvUmxz+U9eydiJelzLSEDYQ8qid2Mgn1G71SFXDGVjQN0w39zy fp+CU2FVYAejuv/AM2PJ46moWVzjsJCdTuOjFPeCVpnqzxG0sQsueCItmYsPvhJv7szc 5cAQ== X-Received: by 10.194.57.77 with SMTP id g13mr13851472wjq.42.1398274156958; Wed, 23 Apr 2014 10:29:16 -0700 (PDT) Received: from ?IPv6:2001:470:6aac:2:2598:52c8:9a93:311a? ([2001:470:6aac:2:2598:52c8:9a93:311a]) by mx.google.com with ESMTPSA id h10sm5436740wix.2.2014.04.23.10.29.15 for (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 23 Apr 2014 10:29:15 -0700 (PDT) Message-ID: <5357F85A.4070509@gmail.com> Date: Wed, 23 Apr 2014 18:28:58 +0100 From: Robert Bradley User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 To: cerowrt-devel@lists.bufferbloat.net References: <5357E336.6070406@thekelleys.org.uk> <5357EDE7.2000409@gmail.com> <5357F55C.1030500@gmail.com> In-Reply-To: <5357F55C.1030500@gmail.com> X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="hAMcSutf02HSJjjoP1gvuEx0d7fipB1BA" Subject: Re: [Cerowrt-devel] [Dnsmasq-discuss] more dnssec failures X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Apr 2014 17:29:20 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --hAMcSutf02HSJjjoP1gvuEx0d7fipB1BA Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 23/04/2014 18:16, Robert Bradley wrote: > On 23/04/2014 17:44, Robert Bradley wrote: >> This looks identical to the *.cloudflare.com issue I had last week. I= n >> both cases, using Level 3's 4.2.2.2 instead of Google DNS works fine, >> and 8.8.8.8 returns SERVFAIL for DS lookups. This looks like a bug in= >> Google's DNS servers as opposed to dnsmasq... > Digging into this further, it looks like the issue occurs for domain > names where an A record exists but a DS record does not. In the case > where the A/AAAA record is non-existent, (e.g. > dscc.akamaiedge.net.0.1.cn.akamaiedge.net. instead of e3191.<...> or > non-existent.cloudflare.com), you get the expected NOERROR or NXDOMAIN > response. It would be worth testing this on a non-dual-stacked host or= > a subdomain without related A/AAAA records too. Update 2: This seems like it may actually be IPv6related somehow! Testing with IPv4-only domains using Cloudflare for DNS did not seem to trigger the errors. --=20 Robert Bradley --hAMcSutf02HSJjjoP1gvuEx0d7fipB1BA Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTV/hnAAoJEGK/UXZZ8Ak6ahUQAJVo6HaS4kySbqxSgY+XzW/f Wsv5PCynDV94XL1wJG6ufps0fScTByzykdkAtVm3fhcdMXeBXC2zdoyFl0XKoMQ9 +dNuPz2cZrByfjgIUvQcXJ4GCXiWvnUyEnTfMmomazZUoAE03/RncAnHdI+QrptD /Mw2PPcIa0BwlRiiIxGaFMarN9FrV50J34hUYqpGaFRKfkFCT/9Swq+oAUM5fWiS r87CN5AI6jynfw2LZrUqb5JUX9mSWBC16Cso5FgeOd20F2WBorCS2WRgxqkQtm6Y hQK9qQhhTu6SJY9s3R47sbaEH0P9R61Qb1ucpvKjj6OEAap1msIX/EJj60smaYP+ YFZFRAJ+HsPRUPoHuoHJ4ORtb3AZTtI2c8zmVM7wAKzHwi7duK6lC9rlOU4Gr46E SMJ2Sdnh1LoUlaAEf+3H1xkLP6Lyc91RqPxMAEsXpvbAvDVrKvylwvH1xqKDZm0o jxqUVguAe7l96iCKKkt4YgF0Hyj3XGOwTEu+uOzMcUCfm7Co2ShStYEOQC4Llia/ FR735QJHoCfDV5vcTGX1cdsLVU8yPG/Ax+Ht7l4ZuTeuGk/zQbmFWG/2Y9JtCkne 0yCTBCH/C5zprGi6KstA6ioAGi2GsoZEYQcjBtfjtTF90Bjwuv7lKGX6y4zMqWRl IUOztoiDh6IECoBPUsPX =rPJU -----END PGP SIGNATURE----- --hAMcSutf02HSJjjoP1gvuEx0d7fipB1BA--