From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx.etorok.net (mx.etorok.net [62.113.205.31]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mx.etorok.net", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 19B0021F289 for ; Fri, 25 Apr 2014 12:24:14 -0700 (PDT) Received: by mx.etorok.net (OpenSMTPD) with ESMTP id 494c15b8; for ; Fri, 25 Apr 2014 22:24:08 +0300 (EEST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=etorok.net; h= message-id:date:from:mime-version:to:references:in-reply-to :content-type:content-transfer-encoding; s=ml; l=1507; bh=Z3NePZ WW4w8JQeePFMd/gTz/pwc=; b=PG013XdRhYKTRuYbbkyWMig9uL9QGakaEvvFZk FmPeodcrMQ5Q74spFPkBog6HMAWDr3jejPM5/0NzMr0/aCcWQJqVWy/+wV8t59KN gp7U3GhYeD+v4Qil+Lmip9scRV49+71NVPOYhi8Alf5cE6oWviMq1kP57PiO+UKx 05X78= Received: by mx.etorok.net (OpenSMTPD) with ESMTPSA id 606f55a7; TLS version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-SHA bits=128 verify=NO; for ; Fri, 25 Apr 2014 22:24:08 +0300 (EEST) Message-ID: <535AB657.50906@etorok.net> Date: Fri, 25 Apr 2014 22:24:07 +0300 From: =?ISO-8859-1?Q?T=F6r=F6k_Edwin?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.4.0 MIME-Version: 1.0 To: cerowrt-devel@lists.bufferbloat.net References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [Cerowrt-devel] test-ipv6.com vs dnssec X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Apr 2014 19:24:15 -0000 On 04/25/2014 09:01 PM, Jim Gettys wrote: > More specifically, after boot, most of the time test-ipv6.com reports lots of problems. > > Then I turned off both dnssec and dnssec-check-unsigned, and restarted dnsmasq; clean bill of health from test-ipv6.com . > > > So we seem to have a boot time race of some sort. There is definitely something wrong when ipv6 is enabled (I just noticed that since my latest upgrade I forgot to enable it). When I enable ipv6 for PPPoE, then IPv6 works in the sense I can ping6 stuff from the router ... except IPv4 is completely broken: there is no default route added according to 'ip route show', and even if I add a default route machines from LAN still can't reach IPv4 (presumably firewall would need to be reloaded too?). It doesn't seem to be dnssec related, as even if I turn both dnssec and dnssec-check-unsigned off the behaviour is still the same. I haven't investigated more deeply whats wrong yet. Do you think it could be related to your race condition? > Then I turned on dnssec only, leaving dnssec-check-unsigned, and got a clean bill of health. I've been using this for a while, it gets me a 0/10 score, i.e. ipv4 works, ipv6 fails, dual stack works with ipv4. > > Then I turned on both at the same time, and things are working. With both on I get a 'n/a' as a result, saying that dual-stack lookups timed out, presumably because ipv6 is off see below. Best regards, --Edwin