Message-ID: <536FEFC9.5050408@gmail.com>
Date: Sun, 11 May 2014 22:46:49 +0100
From: Robert Bradley
To: cerowrt-devel@lists.bufferbloat.net
References: <536E187E.4000800@gmail.com>
In-Reply-To: <536E187E.4000800@gmail.com>
Subject: Re: [Cerowrt-devel] Upgraded to 3.10.38-1, DNS issues?

On 10/05/14 13:15, Robert Bradley wrote:
> I noticed fairly recently that some Wi-Fi networks (Global Gossip, using filtered OpenDNS upstream) refused all dnssec-enabled requests with NXDOMAIN. This was testing with a custom-built dnsmasq 2.70 on Ubuntu, but the same setup works fine behind both CeroWRT and other DNSSEC-capable servers that I tried.

I eventually tracked this down to issues with 208.67.222.222 and EDNS. If you disable dnssec on dnsmasq, it resorts to standard-length DNS queries and name resolution works. This seems to be network-specific though; requests from home seem to get through fine.

As an aside, this was a pain to debug since Ubuntu's dig defaults to EDNS-enabled requests. These all fail even if you have "working" dnsmasq and route queries via that...

-- 
Robert Bradley
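
The comparison described in the message, as an added example that is not part of the original post: it builds the same A query without and with an EDNS0 OPT record (DO bit set, as a DNSSEC-enabled query does) and classifies a pair of replies. The function names, `example.com` and the replies are constructed for illustration; `ask()` is a hypothetical helper that needs network access to a resolver you use.

```python
import socket
import struct

NOERROR, NXDOMAIN = 0, 3

def build_query(name, qid=0x1234, edns=False, do_bit=False, udp_size=4096):
    """Build a DNS A query; edns=True appends an OPT pseudo-RR (RFC 6891)."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns else 0)
    for label in name.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", 1, 1)  # end of QNAME, QTYPE=A, QCLASS=IN
    if edns:
        # OPT RR: root owner, TYPE=41, CLASS=UDP payload size,
        # TTL=ext-rcode/version/flags (DO is 0x8000 in flags), RDLENGTH=0
        msg += b"\x00" + struct.pack("!HHIH", 41, udp_size, 0x8000 if do_bit else 0, 0)
    return msg

def rcode(response):
    """Low 4 bits of the second flags byte hold the response code."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    return response[3] & 0x0F

def diagnose(plain_resp, edns_resp):
    """Compare answers to the same question asked without and with EDNS."""
    plain, edns = rcode(plain_resp), rcode(edns_resp)
    if plain == NOERROR and edns == NXDOMAIN:
        return "edns-rejected"  # the symptom described in the message
    return "consistent" if plain == edns else "differs"

def ask(server, query, timeout=3.0):
    """Send one UDP query to a resolver and return the raw reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return s.recvfrom(4096)[0]

def fake_reply(query, code):
    """Constructed sample reply: the query header with QR/RA set and an RCODE."""
    return query[:2] + struct.pack("!H", 0x8180 | code) + query[4:]

if __name__ == "__main__":
    plain_q = build_query("example.com")
    edns_q = build_query("example.com", edns=True, do_bit=True)
    # Constructed replies stand in for a resolver path that rejects EDNS queries.
    print(diagnose(fake_reply(plain_q, NOERROR), fake_reply(edns_q, NXDOMAIN)))
```

On a live network, pass `ask(server, plain_q)` and `ask(server, edns_q)` to `diagnose()` in place of the constructed replies.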