From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wi0-x231.google.com (mail-wi0-x231.google.com [IPv6:2a00:1450:400c:c05::231]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id E373E21F1FA for ; Wed, 23 Apr 2014 10:29:12 -0700 (PDT) Received: by mail-wi0-f177.google.com with SMTP id cc10so1528769wib.10 for ; Wed, 23 Apr 2014 10:29:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=5p0ZtuTno5VG/YnVU9wvrLLx+d6GexHExCJTRGGhmEs=; b=QDjqFnCf/YL2wdozwmAEUlT1/PquYCgmZUGCvZbbZdv1HzEbBIRA8tpcZYoyKrPxDo fmhrFcFZWHLoR8IIPJ2Xe+mCAiGDlErXI29Ieb2TL61Po2hW5sJCngYKc9BcnTh8OY9p tWJ/cpaF40G/ZSlNNYcp0YpiCg3hSfkE2e+woSDKyXtHmvbhPrFdtkO67YGHUiSoBEI4 677bcAgzQlgDHCWegRlqF5DhKpBXmxGdLDLymsOTipdU+98EFqGfa9J9183ed2mq8D7G zNJ5CCESC3x4jREMMqBOhOmXHEHsVM/ZEIfj31Tth2EN8Hsi1se49EGXNt5N8aC8anoC caQg== MIME-Version: 1.0 X-Received: by 10.180.14.72 with SMTP id n8mr2706085wic.53.1398274150949; Wed, 23 Apr 2014 10:29:10 -0700 (PDT) Received: by 10.216.207.82 with HTTP; Wed, 23 Apr 2014 10:29:10 -0700 (PDT) In-Reply-To: References: <5357E336.6070406@thekelleys.org.uk> <5357EDE7.2000409@gmail.com> Date: Wed, 23 Apr 2014 10:29:10 -0700 Message-ID: From: Dave Taht To: Aaron Wood Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: dnsmasq-discuss , cerowrt-devel Subject: Re: [Cerowrt-devel] [Dnsmasq-discuss] more dnssec failures X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Apr 2014 17:29:13 -0000 On Wed, Apr 23, 2014 at 10:18 AM, Aaron Wood wrote: > On Wed, Apr 23, 2014 at 6:44 PM, Robert Bradley > wrote: >> >> >> > ; <<>> DiG 9.8.1-P1 <<>> +cd @8.8.8.8 a >> > e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net >> >> > >> > But a query for DS on the same domain, which is what dnsmasq does next= , >> > returns SERVFAIL, _even_with_ checking disabled. >> > >> > ; <<>> DiG 9.8.1-P1 <<>> +cd @8.8.8.8 ds >> > e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net >> >> >> This looks identical to the *.cloudflare.com issue I had last week. In >> both cases, using Level 3's 4.2.2.2 instead of Google DNS works fine, >> and 8.8.8.8 returns SERVFAIL for DS lookups. This looks like a bug in >> Google's DNS servers as opposed to dnsmasq... > > > A question about dnsmasq and multiple servers. If I listed both 4.2.2.2 = and > 8.8.8.8 in my dnsmasq configuration, how would dnsmasq behave in this cas= e? > would it query both for the DS? or just "stick" with the first server to > start responding with an A-record? By default dnsmasq probes for a "best" upstream dns server periodically and uses that. > > (I confess that I don't know the details of DNS very well) > > -Aaron > > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel > --=20 Dave T=C3=A4ht NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_= indecent.article