From: Aristar <LeetMiniWheat@gmail.com>
To: cerowrt-devel <cerowrt-devel@lists.bufferbloat.net>,
robert.bradley1@gmail.com
Subject: Re: [Cerowrt-devel] Upgraded to 3.10.38-1, DNS issues?
Date: Sat, 10 May 2014 14:42:46 -0400 [thread overview]
Message-ID: <CAGHZhqEVLc3vAj7+j225BM_SW3c4KQouwy9c_62E5d2KGG0SFQ@mail.gmail.com> (raw)
In-Reply-To: <CAGHZhqHjVfGgO02uJp253wAuzJKUf-aGoOL1m+LASgTvx74SdA@mail.gmail.com>
I didn't specify any DNS servers so I guess it was using my ISP's dns
servers (verizon FiOS). As I said I didn't realize DNSSEC was enabled
by default now. but even with it disabled it doesn't seem to work out
of the box anymore without a manually set resolv file.
dnscrypt-proxy is working great though (without needing a resolv
file), it runs as a daemon and sets up an encrypted connection to
OpenDNS servers which you then specifcy 127.0.0.1#2053 for dns
forwarding. I suggested this be added to CeroWRT awhile ago but there
wasn't much interest, nor any official packages available, though that
thread I linked above in this thread has a repository and a maintainer
in the forum thread with a source repo.
>Out of interest, which upstream DNS servers were you using when DNSSEC
>was blocked? I noticed fairly recently that some Wi-Fi networks (Global
>Gossip, using filtered OpenDNS upstream) refused all dnssec-enabled
>requests with NXDOMAIN. This was testing with a custom-built dnsmasq
>2.70 on Ubuntu, but the same setup works fine behind both CeroWRT and
>other DNSSEC-capable servers that I tried.
>
>--
>Robert Bradley
On Fri, May 9, 2014 at 12:17 PM, Aristar <LeetMiniWheat@gmail.com> wrote:
> Okay I figured it out. It was DNSSEC I didn't realize it was enabled
> by default so I had to comment out the lines in /etc/dnsmasq.conf but
> I still had to manually specify a nameservers in a separate config
> under LUCI Network>DHCP and DNS>Resolv and Hosts Files>"Resolve file"
> and all is well again.
>
> Now to set up dnscrypt-proxy again which actually has a repository now
> and instructions for building from source. (Seems more reliable than
> DNSSEC anyways, though I have not read too much on DNSSEC).
>
> src/gz exopenwrt http://exopenwrt.and.in.net/ar71xx/packages
>
> https://forum.openwrt.org/viewtopic.php?id=36380&p=1
>
>
> On Fri, May 9, 2014 at 5:34 AM, Aristar <LeetMiniWheat@gmail.com> wrote:
>> Sorry if this is a dumb question but I'm not sure what's changed since
>> 3.7.5 but I can't get DNS working. my resolv.conf says 127.0.0.1, the
>> /tmp/resolv.conf.auto has valid dns servers and I can't resolve
>> anything locally on the router via ssh or on any client device. I CAN
>> get dns LOCAL only if I add a dns server to /etc/resolv.conf but
>> clients using nameserver 172.30.42.1 can't
>>
>> Any ideas? I did a fresh install/clean configs and it isn't working
>> out of the box or with any GUI or manual editing I've tried.
next prev parent reply other threads:[~2014-05-10 18:43 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-09 9:34 Aristar
2014-05-09 16:17 ` Aristar
2014-05-10 12:15 ` Robert Bradley
2014-05-11 21:46 ` Robert Bradley
2014-05-11 21:48 ` Robert Bradley
2014-05-10 18:42 ` Aristar [this message]
2014-05-12 8:09 ` Maciej Soltysiak
2014-05-11 11:54 ` Sebastian Moeller
2014-05-11 12:14 ` Aristar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGHZhqEVLc3vAj7+j225BM_SW3c4KQouwy9c_62E5d2KGG0SFQ@mail.gmail.com \
--to=leetminiwheat@gmail.com \
--cc=cerowrt-devel@lists.bufferbloat.net \
--cc=robert.bradley1@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox