From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <robert.bradley1@gmail.com>
Received: from mail-wi0-x229.google.com (mail-wi0-x229.google.com
	[IPv6:2a00:1450:400c:c05::229])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client CN "smtp.gmail.com",
	Issuer "Google Internet Authority G2" (verified OK))
	by huchra.bufferbloat.net (Postfix) with ESMTPS id 51C3621F1FA
	for <cerowrt-devel@lists.bufferbloat.net>;
	Sun, 11 May 2014 14:46:55 -0700 (PDT)
Received: by mail-wi0-f169.google.com with SMTP id hi2so4668589wib.0
	for <cerowrt-devel@lists.bufferbloat.net>;
	Sun, 11 May 2014 14:46:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=message-id:date:from:user-agent:mime-version:to:subject:references
	:in-reply-to:content-type:content-transfer-encoding;
	bh=YinCYdmU/s8K3gyCC30QLCm4G49bQkXGW4URS+/Qgp8=;
	b=O6LhG5N3uZVuHamq/LKf8yNIw/wMcNtCkPTtWndGEQ4u/LMKCh0KyITygnu3pxaJ/r
	tt0/4UL/eJoTu7rKcnF5SlcVXdkYo2NBXMWSRIaoVPn15iWAU9mz5zptJ7e2OwQvAlOS
	G46DL8LSXjy9m40Hfi/99dwM3v2ecFhdp/etviGL1s5cKBjyW8gtzX+BHq2tObY9BF05
	RaNniX0RpAXZXJoN2Hsd67Bb2JxTnmTk/VStTpuygFR2vpdurr7xALlVTAxNvoj0HcEP
	giFabbAZRTpYYCZBXHIaxEZvfkCBWuYszO1V4QmSlbnNFGcpsGc329Vkn3BcPJLx1bPt
	Fqrg==
X-Received: by 10.180.19.167 with SMTP id g7mr12808729wie.46.1399844812986;
	Sun, 11 May 2014 14:46:52 -0700 (PDT)
Received: from [172.16.3.125] (46-37-55-82.dsl.cnl.uk.net. [46.37.55.82])
	by mx.google.com with ESMTPSA id vc2sm15217548wjc.2.2014.05.11.14.46.51
	for <cerowrt-devel@lists.bufferbloat.net>
	(version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Sun, 11 May 2014 14:46:52 -0700 (PDT)
Message-ID: <536FEFC9.5050408@gmail.com>
Date: Sun, 11 May 2014 22:46:49 +0100
From: Robert Bradley <robert.bradley1@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: cerowrt-devel@lists.bufferbloat.net
References: <CAGHZhqEoX=M4dAU1wKtdS4qe-kYHbv0+iTgSXzbj_ykeyrhxBQ@mail.gmail.com>
	<CAGHZhqHjVfGgO02uJp253wAuzJKUf-aGoOL1m+LASgTvx74SdA@mail.gmail.com>
	<536E187E.4000800@gmail.com>
In-Reply-To: <536E187E.4000800@gmail.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Cerowrt-devel] Upgraded to 3.10.38-1, DNS issues?
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Sun, 11 May 2014 21:46:56 -0000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/05/14 13:15, Robert Bradley wrote:
> I noticed fairly recently that some Wi-Fi networks (Global Gossip, using filtered OpenDNS upstream)
refused all dnssec-enabled requests with NXDOMAIN. This was testing with
a custom-built dnsmasq 2.70 on Ubuntu, but the same setup works fine
behind both CeroWRT and other DNSSEC-capable servers that I tried.

I eventually tracked this down to issues with 208.67.222.222 and EDNS. 
If you disable dnssec on dnsmasq, it resorts to standard-length DNS
queries and name resolution works.  This seems to be network-specific
though; requests from home seem to get through fine.  As an aside, this
was a pain to debug since Ubuntu's dig defaults to EDNS-enabled
requests.  These all fail even if you have "working" dnsmasq and route
queries via that...

- -- 
Robert Bradley
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTb++2AAoJEGK/UXZZ8Ak6jHYP/3cJ6CHWAuJw0e+XwDGeScRW
uNx2qhBmQUZQIKSToep5fUiLidcOvOZ5+t2QUEtc5f8fIuhtooKlJqTNQEVQ/lNT
ideHNjgL7Ca0Lsurvx04RqFiHLRkuJCO/ql4WTvTebunVX4pdDEMz1jz+WoIGZJq
SbTQ/poATRUuQwdpet9PHOkPwxxyeS4uWYaFFBxwGzH/f6ha2vnnwvmUWC+qT3WI
/0MBtXK65aMD6sUkbhI8A2CrddBCq9VLTc+V9KMK0JHNXyRYBROK88kgVr/n3TJC
NTJuJN/+RwbSsJYJtRasB7hejnKtiWz6eiIAV0oDYV4AbBx8ZQT00htezXOkIjMD
9tJaHJLVzfUyJB6pxJM53tpOwIcmu/gkKsjAYBOiK6jOgIC4qL06/zQBv+IqsJEw
3WSs2cOXNCmzkZ2QZwxM1kCU6M6P21+vj+64EBwWCs+ltSVQkTMZwxojBTOXpZud
9KzrBODhx6ksHKgXTslS4ljMFMGQbOekcWyXQL89ZxGyzT7SbwmFBnPSP4LNpkn9
c7DKowWPaJY5NxtSJoYM8ImI2ut28SLpHgsTY6hmYpCWvJy8J2H/HCsSJwLb36qt
FNmCSZfx2KRKFI7k0L+babXfl7lMgIwVo59OmBAXT8hDtMEWDyxOQ8tdcTk3VArJ
6/kMuPtkDLsvH80LQMAe
=HVAh
-----END PGP SIGNATURE-----