On 09/05/2014 17:17, Aristar wrote:
> Okay I figured it out. It was DNSSEC I didn't realize it was enabled
> by default so I had to comment out the lines in /etc/dnsmasq.conf but
> I still had to manually specify a nameservers in a separate config
> under LUCI Network>DHCP and DNS>Resolv and Hosts Files>"Resolve file"
> and all is well again.
>
> Now to set up dnscrypt-proxy again which actually has a repository now
> and instructions for building from source. (Seems more reliable than
> DNSSEC anyways, though I have not read too much on DNSSEC).
>
> src/gz exopenwrt http://exopenwrt.and.in.net/ar71xx/packages
>
> https://forum.openwrt.org/viewtopic.php?id=36380&p=1
>
>

Out of interest, which upstream DNS servers were you using when DNSSEC
was blocked?  I noticed fairly recently that some Wi-Fi networks (Global
Gossip, using filtered OpenDNS upstream) refused all dnssec-enabled
requests with NXDOMAIN.  This was testing with a custom-built dnsmasq
2.70 on Ubuntu, but the same setup works fine behind both CeroWRT and
other DNSSEC-capable servers that I tried.

-- 
Robert Bradley