From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <simon@thekelleys.org.uk>
Received: from bytemark.thekelleys.org.uk (bytemark.thekelleys.org.uk
	[IPv6:2001:41c8:51:46b:feff:ff:fe00:3310])
	(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
	(Client did not present a certificate)
	by huchra.bufferbloat.net (Postfix) with ESMTPS id E020621F299
	for <cerowrt-devel@lists.bufferbloat.net>;
	Fri, 25 Apr 2014 11:50:03 -0700 (PDT)
Received: from [213.205.228.161] (helo=[192.168.150.151])
	by bytemark.thekelleys.org.uk with esmtpa (Exim 4.80)
	(envelope-from <simon@thekelleys.org.uk>)
	id 1WdlC7-0000KT-Um; Fri, 25 Apr 2014 18:49:57 +0000
Message-ID: <535AAE37.103@thekelleys.org.uk>
Date: Fri, 25 Apr 2014 19:49:27 +0100
From: Simon Kelley <simon@thekelleys.org.uk>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Jim Gettys <jg@freedesktop.org>, Dave Taht <dave.taht@gmail.com>
References: <CAA93jw6zwHw67oBBYx2EwYrK+z=PdxTt=FVtGidnz=AYuVzx1w@mail.gmail.com>
	<CAGhGL2CGVDoMoQxyRKoPV2zM42wYA3XT22w5DDrLVppjEg23bg@mail.gmail.com>
In-Reply-To: <CAGhGL2CGVDoMoQxyRKoPV2zM42wYA3XT22w5DDrLVppjEg23bg@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Cc: dnsmasq-discuss <Dnsmasq-discuss@lists.thekelleys.org.uk>,
	"cerowrt-devel@lists.bufferbloat.net" <cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] [Dnsmasq-discuss]  test-ipv6.com vs dnssec
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Fri, 25 Apr 2014 18:50:04 -0000

On 25/04/14 19:01, Jim Gettys wrote:
> More specifically, after boot, most of the time test-ipv6.com reports lots
> of problems.
> 
> Then I turned off both dnssec and dnssec-check-unsigned, and restarted
> dnsmasq; clean bill of health from test-ipv6.com.
> 
> Then I turned on dnssec only, leaving dnssec-check-unsigned, and got a
> clean bill of health.
> 
> Then I turned on both at the same time, and things are working.
> 
> So we seem to have a boot time race of some sort.
>                               - Jim
> 
> 


test-ipv6.com is unsigned, so the important thing which is likely
failing is the query for the DS record of test-ipv6.com, which should
return NSEC records providing it doesn't exist, signed by .com


Simon.



> 
> On Fri, Apr 25, 2014 at 1:39 PM, Dave Taht <dave.taht@gmail.com> wrote:
> 
>> jg tells me the test-ipv6.com site fails with dnssec and enabled on
>> native ipv6.
>>
>> disabling dnssec works.
>>
>> anyone can confirm? get a log/packet capture?
>>
>>
>> --
>> Dave Täht
>> _______________________________________________
>> Cerowrt-devel mailing list
>> Cerowrt-devel@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>>
> 
> 
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>