From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wi0-x234.google.com (mail-wi0-x234.google.com [IPv6:2a00:1450:400c:c05::234]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 4BC3D21F30B for ; Sun, 11 May 2014 14:48:36 -0700 (PDT) Received: by mail-wi0-f180.google.com with SMTP id hi2so3582866wib.13 for ; Sun, 11 May 2014 14:48:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=fjV4iPNicLC4IbonbW8TPF6UyL9vgGxljhS8Wgb/xCM=; b=cgKHjIvoHJ2jwgxxo5Ro0TGUTSMlO+amMSog7nKic6xEP+hRKGNpo/HvHsWKLTQVRn r9k9wqi9M1/EdbvRwcY5DSvOlM6Bawdf6MrdEe/WM0voFHgKxRNeZqeAXI0n0z/YDEct TwaNjcJ3/m4kCc3Gu2FEE3WfGwRM2xEIBfv43ROHA/I9vV7MdLDec8upymp4f2PnHi1U DSQQlpKxqG8Hfr8Ial9k/CGeqPUYRQIa1NJMKmus5TEVJRi1RHMOCwMA1SHLLhJ+nU/C JuDa7qP2PY0Q8qQZsPeNCsUc6A6n+GzcQFO5CIGsYVK89ptuY97skviNIBPdSAxbaT7h WIxw== X-Received: by 10.180.88.129 with SMTP id bg1mr12748553wib.51.1399844914702; Sun, 11 May 2014 14:48:34 -0700 (PDT) Received: from [172.16.3.125] (46-37-55-82.dsl.cnl.uk.net. [46.37.55.82]) by mx.google.com with ESMTPSA id d6sm12467057wiz.4.2014.05.11.14.48.33 for (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 11 May 2014 14:48:33 -0700 (PDT) Message-ID: <536FF030.8030109@gmail.com> Date: Sun, 11 May 2014 22:48:32 +0100 From: Robert Bradley User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 MIME-Version: 1.0 To: cerowrt-devel@lists.bufferbloat.net References: <536E187E.4000800@gmail.com> In-Reply-To: <536E187E.4000800@gmail.com> X-Enigmail-Version: 1.5.2 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: Re: [Cerowrt-devel] Upgraded to 3.10.38-1, DNS issues? X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 May 2014 21:48:37 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/05/14 13:15, Robert Bradley wrote: > > I noticed fairly recently that some Wi-Fi networks (Global > Gossip, using filtered OpenDNS upstream) refused all dnssec-enabled > requests with NXDOMAIN. This was testing with a custom-built dnsmasq > 2.70 on Ubuntu, but the same setup works fine behind both CeroWRT and > other DNSSEC-capable servers that I tried. > I eventually tracked this down to issues with 208.67.222.222 and EDNS. If you disable dnssec on dnsmasq, it resorts to standard-length DNS queries and name resolution works. This seems to be network-specific though; requests from home seem to get through fine. As an aside, this was a pain to debug since Ubuntu's dig defaults to EDNS-enabled requests. These all fail even if you have "working" dnsmasq and route queries via that... - -- Robert Bradley -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTb/AvAAoJEGK/UXZZ8Ak62pkQAJbibqqn7zUSB8tjsCDZcbW/ dP8SwYHsO3igsyQEbQuJsFuhZd/hY5Hp18twEa9xlmzNAMBuHRlVxR8ii3twqoov y6fP6wNwbRCbpyV5vHRLX/LeGuAz6WkkftJKRWj2eNpQ1D72qtfVRTCoY6dvQD8+ YiieRl2oeyqRT81X0NQhHr6SKlzydOiPCxudSzNPLhLCNy3YmGFLs5peeVlbNEcI 5vcryX4NOwrP4prry6WuZLJd0CTavy5zMNb/aD+Bihf6a39rUo5EOskmvpsdFnYV hVpa3uBSken5hOrDkjFWJ3p0gbw8L7L6nhFEyimh7uu3s+BVQcuPwGQxkI7yeqUA zQyWCNnkJSWVwsWRZz0LJ74cPcJImR3aV8ARfhxN5dcQLkFUCp3Y045LleIwEPQb F+FcOl9HJEjWobWmZkka3f3kEzDFFk31iiC5RCuj9UW29W1ShuqG8F41a3/RHhUb EbuNXx1QhdsJhx0t+DtBVIl8Oq34MjFNdanGO4LKtdqYM8RHEeQE8RWJy1O7m8Ri TtpUjg4T62sZ6EpA9VieBfI2Z/xtZCNXwE5hiS/GmZhwaT0OSKjsPWumT0l4AkrB NoC0PstOb4e1TTELV1uw24krZ7hGJWrci3Nv3jijBiZQ47xi+88kcWIeVzH0GWYs MdyTLHUqBM6NTsrUPyUF =VWWv -----END PGP SIGNATURE-----