From: Robert Bradley <robert.bradley1@gmail.com>
To: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] Upgraded to 3.10.38-1, DNS issues?
Date: Sun, 11 May 2014 22:48:32 +0100 [thread overview]
Message-ID: <536FF030.8030109@gmail.com> (raw)
In-Reply-To: <536E187E.4000800@gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/05/14 13:15, Robert Bradley wrote:
>
> I noticed fairly recently that some Wi-Fi networks (Global
> Gossip, using filtered OpenDNS upstream) refused all dnssec-enabled
> requests with NXDOMAIN. This was testing with a custom-built dnsmasq
> 2.70 on Ubuntu, but the same setup works fine behind both CeroWRT and
> other DNSSEC-capable servers that I tried.
>
I eventually tracked this down to issues with 208.67.222.222 and EDNS.
If you disable dnssec on dnsmasq, it resorts to standard-length DNS
queries and name resolution works. This seems to be network-specific
though; requests from home seem to get through fine. As an aside, this
was a pain to debug since Ubuntu's dig defaults to EDNS-enabled
requests. These all fail even if you have "working" dnsmasq and route
queries via that...
- --
Robert Bradley
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJTb/AvAAoJEGK/UXZZ8Ak62pkQAJbibqqn7zUSB8tjsCDZcbW/
dP8SwYHsO3igsyQEbQuJsFuhZd/hY5Hp18twEa9xlmzNAMBuHRlVxR8ii3twqoov
y6fP6wNwbRCbpyV5vHRLX/LeGuAz6WkkftJKRWj2eNpQ1D72qtfVRTCoY6dvQD8+
YiieRl2oeyqRT81X0NQhHr6SKlzydOiPCxudSzNPLhLCNy3YmGFLs5peeVlbNEcI
5vcryX4NOwrP4prry6WuZLJd0CTavy5zMNb/aD+Bihf6a39rUo5EOskmvpsdFnYV
hVpa3uBSken5hOrDkjFWJ3p0gbw8L7L6nhFEyimh7uu3s+BVQcuPwGQxkI7yeqUA
zQyWCNnkJSWVwsWRZz0LJ74cPcJImR3aV8ARfhxN5dcQLkFUCp3Y045LleIwEPQb
F+FcOl9HJEjWobWmZkka3f3kEzDFFk31iiC5RCuj9UW29W1ShuqG8F41a3/RHhUb
EbuNXx1QhdsJhx0t+DtBVIl8Oq34MjFNdanGO4LKtdqYM8RHEeQE8RWJy1O7m8Ri
TtpUjg4T62sZ6EpA9VieBfI2Z/xtZCNXwE5hiS/GmZhwaT0OSKjsPWumT0l4AkrB
NoC0PstOb4e1TTELV1uw24krZ7hGJWrci3Nv3jijBiZQ47xi+88kcWIeVzH0GWYs
MdyTLHUqBM6NTsrUPyUF
=VWWv
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2014-05-11 21:48 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-09 9:34 Aristar
2014-05-09 16:17 ` Aristar
2014-05-10 12:15 ` Robert Bradley
2014-05-11 21:46 ` Robert Bradley
2014-05-11 21:48 ` Robert Bradley [this message]
2014-05-10 18:42 ` Aristar
2014-05-12 8:09 ` Maciej Soltysiak
2014-05-11 11:54 ` Sebastian Moeller
2014-05-11 12:14 ` Aristar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=536FF030.8030109@gmail.com \
--to=robert.bradley1@gmail.com \
--cc=cerowrt-devel@lists.bufferbloat.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox