From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dave.taht@gmail.com>
Received: from mail-wg0-x230.google.com (mail-wg0-x230.google.com
	[IPv6:2a00:1450:400c:c00::230])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client CN "smtp.gmail.com",
	Issuer "Google Internet Authority G2" (verified OK))
	by huchra.bufferbloat.net (Postfix) with ESMTPS id 3576621F23A
	for <cerowrt-devel@lists.bufferbloat.net>;
	Sat, 19 Apr 2014 12:19:12 -0700 (PDT)
Received: by mail-wg0-f48.google.com with SMTP id l18so1489401wgh.31
	for <cerowrt-devel@lists.bufferbloat.net>;
	Sat, 19 Apr 2014 12:19:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type:content-transfer-encoding;
	bh=aalLSPyPpgd3EZ+97E7BPjLArWPMKC7OsCdL0akcG7k=;
	b=CcDCp8eBSS/HYmvMBO1zoMKGon5nTsIruS7kI2505GeAZvfhRz1ZUVbyrO0pTBv95c
	uwiv9+flcC+usOrglj24fzoLapzHJrJCqBlmZIwN+GpXT7K6Bg51qlrpYgS6m+dCtkuV
	M4Ou46xbmTqHMoGQuwB61eHVe8cgELK7kJkDk3BQ2S7+suSaBNvzOY+GylJWjoWKvZUy
	Xx7zHgNhLpnN7K3Xnt95l0olsECR52Kto5CR3LQVRV03hLG/9e2HscIFJbgxpmMjW+FA
	c+C5AH3/83LscaCrV025VIcI+X+MMEmX1m4h2toTwNs4spVOSXQOJ9tRqRzRFwULMlbe
	ShAw==
MIME-Version: 1.0
X-Received: by 10.180.97.37 with SMTP id dx5mr7522553wib.53.1397935149971;
	Sat, 19 Apr 2014 12:19:09 -0700 (PDT)
Received: by 10.216.177.10 with HTTP; Sat, 19 Apr 2014 12:19:09 -0700 (PDT)
In-Reply-To: <CALQXh-OOfYzoHLUb25oDV1YNvR+VEECpHRyrjpPk5tzUUE8Xbw@mail.gmail.com>
References: <CALQXh-OOfYzoHLUb25oDV1YNvR+VEECpHRyrjpPk5tzUUE8Xbw@mail.gmail.com>
Date: Sat, 19 Apr 2014 12:19:09 -0700
Message-ID: <CAA93jw6mtgE=zJ-Pp-H00ieNunUueMmyMGWGnLivPfPmgSpKOw@mail.gmail.com>
From: Dave Taht <dave.taht@gmail.com>
To: Aaron Wood <woody77@gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: cerowrt-devel <cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] First DNSSEC failure with CeroWRT
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Sat, 19 Apr 2014 19:19:12 -0000

I'm not sure if what you are actually seeing here is a failure or a
success! It does appear that this is
indeed a bogus DS.

http://dnssec-debugger.verisignlabs.com/sso-fi.bankofamerica.com

On Sat, Apr 19, 2014 at 2:43 AM, Aaron Wood <woody77@gmail.com> wrote:
> One of the many servers involved with BofA's online banking:
>
> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: using nameserver
> 8.8.4.4#53
> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: using nameserver
> 8.8.8.8#53
> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: using local addresse=
s
> only for domain home.lan
> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: read /etc/hosts - 1
> addresses
> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq-dhcp[29719]: read /etc/ether=
s -
> 0 addresses
> Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: query[A]
> saml-bac.onefiserv.com from 172.30.42.99
> Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: forwarded
> saml-bac.onefiserv.com to 8.8.4.4
> Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: forwarded
> saml-bac.onefiserv.com to 8.8.8.8
> Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: dnssec-query[DS]
> saml-bac.onefiserv.com to 8.8.4.4
> Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: reply
> saml-bac.onefiserv.com is BOGUS DS
> Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: validation result is
> BOGUS
> Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: reply
> saml-bac.onefiserv.com is <CNAME>
> Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: reply
> saml-bac.gslb.onefiserv.com is 64.128.98.58
>
>
> Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: query[A]
> sso-fi.bankofamerica.com from 172.30.42.99
> Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: forwarded
> sso-fi.bankofamerica.com to 8.8.4.4
> Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: forwarded
> sso-fi.bankofamerica.com to 8.8.8.8
> Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: dnssec-query[DS]
> sso-fi.bankofamerica.com to 8.8.8.8
> Sat Apr 19 09:38:05 2014 daemon.info dnsmasq[29719]: query[A]
> sso-fi.bankofamerica.com from 172.30.42.99
> Sat Apr 19 09:38:05 2014 daemon.info dnsmasq[29719]: dnssec retry to 8.8.=
8.8
> Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: reply
> sso-fi.bankofamerica.com is BOGUS DS
> Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: validation result is
> BOGUS
> Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: reply
> sso-fi.bankofamerica.com is <CNAME>
> Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: reply
> saml-bac.onefiserv.com is 64.128.98.58
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>



--=20
Dave T=C3=A4ht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_=
indecent.article