From: Robert Bradley <robert.bradley1@gmail.com>
To: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] Upgraded to 3.10.38-1, DNS issues?
Date: Sun, 11 May 2014 22:46:49 +0100 [thread overview]
Message-ID: <536FEFC9.5050408@gmail.com> (raw)
In-Reply-To: <536E187E.4000800@gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/05/14 13:15, Robert Bradley wrote:
> I noticed fairly recently that some Wi-Fi networks (Global Gossip, using filtered OpenDNS upstream)
refused all dnssec-enabled requests with NXDOMAIN. This was testing with
a custom-built dnsmasq 2.70 on Ubuntu, but the same setup works fine
behind both CeroWRT and other DNSSEC-capable servers that I tried.
I eventually tracked this down to issues with 208.67.222.222 and EDNS.
If you disable dnssec on dnsmasq, it resorts to standard-length DNS
queries and name resolution works. This seems to be network-specific
though; requests from home seem to get through fine. As an aside, this
was a pain to debug since Ubuntu's dig defaults to EDNS-enabled
requests. These all fail even if you have "working" dnsmasq and route
queries via that...
- --
Robert Bradley
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJTb++2AAoJEGK/UXZZ8Ak6jHYP/3cJ6CHWAuJw0e+XwDGeScRW
uNx2qhBmQUZQIKSToep5fUiLidcOvOZ5+t2QUEtc5f8fIuhtooKlJqTNQEVQ/lNT
ideHNjgL7Ca0Lsurvx04RqFiHLRkuJCO/ql4WTvTebunVX4pdDEMz1jz+WoIGZJq
SbTQ/poATRUuQwdpet9PHOkPwxxyeS4uWYaFFBxwGzH/f6ha2vnnwvmUWC+qT3WI
/0MBtXK65aMD6sUkbhI8A2CrddBCq9VLTc+V9KMK0JHNXyRYBROK88kgVr/n3TJC
NTJuJN/+RwbSsJYJtRasB7hejnKtiWz6eiIAV0oDYV4AbBx8ZQT00htezXOkIjMD
9tJaHJLVzfUyJB6pxJM53tpOwIcmu/gkKsjAYBOiK6jOgIC4qL06/zQBv+IqsJEw
3WSs2cOXNCmzkZ2QZwxM1kCU6M6P21+vj+64EBwWCs+ltSVQkTMZwxojBTOXpZud
9KzrBODhx6ksHKgXTslS4ljMFMGQbOekcWyXQL89ZxGyzT7SbwmFBnPSP4LNpkn9
c7DKowWPaJY5NxtSJoYM8ImI2ut28SLpHgsTY6hmYpCWvJy8J2H/HCsSJwLb36qt
FNmCSZfx2KRKFI7k0L+babXfl7lMgIwVo59OmBAXT8hDtMEWDyxOQ8tdcTk3VArJ
6/kMuPtkDLsvH80LQMAe
=HVAh
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2014-05-11 21:46 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-09 9:34 Aristar
2014-05-09 16:17 ` Aristar
2014-05-10 12:15 ` Robert Bradley
2014-05-11 21:46 ` Robert Bradley [this message]
2014-05-11 21:48 ` Robert Bradley
2014-05-10 18:42 ` Aristar
2014-05-12 8:09 ` Maciej Soltysiak
2014-05-11 11:54 ` Sebastian Moeller
2014-05-11 12:14 ` Aristar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=536FEFC9.5050408@gmail.com \
--to=robert.bradley1@gmail.com \
--cc=cerowrt-devel@lists.bufferbloat.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox