From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <white.phoenix@gmail.com>
Received: from mail-yk0-x232.google.com (mail-yk0-x232.google.com
	[IPv6:2607:f8b0:4002:c07::232])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client CN "smtp.gmail.com",
	Issuer "Google Internet Authority G2" (verified OK))
	by huchra.bufferbloat.net (Postfix) with ESMTPS id 1E0FD21F3EC
	for <cerowrt-devel@lists.bufferbloat.net>;
	Sun, 11 May 2014 05:14:43 -0700 (PDT)
Received: by mail-yk0-f178.google.com with SMTP id 20so5082633yks.9
	for <cerowrt-devel@lists.bufferbloat.net>;
	Sun, 11 May 2014 05:14:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:sender:in-reply-to:references:from:date:message-id
	:subject:to:cc:content-type:content-transfer-encoding;
	bh=ulvbTSYPcJgrlhiyixjX54fgkzKE1SOJxWjslSvUO2I=;
	b=gxyZLzEJtFLBqmKtTocBs4xWNYk6230nVHy4n9vALvCRvGV9izd1etz+Zd87gXrB7s
	TIYmG2oz2Qn00E+CrbchuRrIKAS1g3jsALqEKxIc4Ucu+L+gQxmvFmHr8Jk9YnPZnDfW
	tmH9NcB9TvRuoTA1DWV19aHohaFHlJ1UF/jnZvqAzSBAKqt79IbGoPe5gw3KFMr3T4sU
	/l578nYtixI6H7O70Abq/JzPgyv2+5uDmpa2H5dRlNmTJtPx4P+Bq972aBgDtDn6uMAK
	WwjP+1+P6jb+vQvhNI9UiTWZQc6A1UxSgYSiR19XeRE6XaSFDm5cwUKzIW+iI+C8DtU8
	Y7Wg==
X-Received: by 10.236.206.137 with SMTP id l9mr31732426yho.105.1399810480328; 
	Sun, 11 May 2014 05:14:40 -0700 (PDT)
MIME-Version: 1.0
Sender: white.phoenix@gmail.com
Received: by 10.170.114.208 with HTTP; Sun, 11 May 2014 05:14:10 -0700 (PDT)
In-Reply-To: <BE017D02-8582-4C90-9794-741499925E5E@gmx.de>
References: <CAGHZhqEoX=M4dAU1wKtdS4qe-kYHbv0+iTgSXzbj_ykeyrhxBQ@mail.gmail.com>
	<CAGHZhqHjVfGgO02uJp253wAuzJKUf-aGoOL1m+LASgTvx74SdA@mail.gmail.com>
	<BE017D02-8582-4C90-9794-741499925E5E@gmx.de>
From: Aristar <LeetMiniWheat@gmail.com>
Date: Sun, 11 May 2014 08:14:10 -0400
X-Google-Sender-Auth: ihhfTa6nBGDBGQrnqpuCLU_Ce5s
Message-ID: <CAGHZhqGSVbwRjGkQCSgESx0HtOj7jSzyGedx8VKOvhb8cjKOWw@mail.gmail.com>
To: Sebastian Moeller <moeller0@gmx.de>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: cerowrt-devel <cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] Upgraded to 3.10.38-1, DNS issues?
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Sun, 11 May 2014 12:14:43 -0000

Didn't see any release notes for anything newer than 3.10.38-1 so I
presumed they might be untested builds, so I didn't want to risk it on
my main gateway router. I've been waiting for a stable release but the
recent security vuln made 3.7.5 unviable.

Looking for the most stable release possible (without security vulns)
if anyone has any suggestions

On Sun, May 11, 2014 at 7:54 AM, Sebastian Moeller <moeller0@gmx.de> wrote:
> Hi Aristar,
>
>
> On May 9, 2014, at 18:17 , Aristar <LeetMiniWheat@gmail.com> wrote:
>
>> Okay I figured it out. It was DNSSEC I didn't realize it was enabled
>> by default so I had to comment out the lines in /etc/dnsmasq.conf but
>> I still had to manually specify a nameservers in a separate config
>> under LUCI Network>DHCP and DNS>Resolv and Hosts Files>"Resolve file"
>> and all is well again.
>
>         I think Dave changed the default for 3.10.38-2 to avoid the negat=
ive proof checks, and that, at least on my system, made automatic DNS confi=
guration though my upstream router functional again. I had the same issues =
as you with 3.10.38-1 and some earlier ones. So you might want to test the =
latest cerowrt to see whether that solves the issue. (I think there was som=
e discussion of how DNS recurs or work differently with DNSSEC than dnsmasq=
, which operates as a forwarder.)
>
> Best Regards
>         Sebastian
>
>>
>> Now to set up dnscrypt-proxy again which actually has a repository now
>> and instructions for building from source. (Seems more reliable than
>> DNSSEC anyways, though I have not read too much on DNSSEC).
>>
>> src/gz exopenwrt http://exopenwrt.and.in.net/ar71xx/packages
>>
>> https://forum.openwrt.org/viewtopic.php?id=3D36380&p=3D1
>>
>>
>> On Fri, May 9, 2014 at 5:34 AM, Aristar <LeetMiniWheat@gmail.com> wrote:
>>> Sorry if this is a dumb question but I'm not sure what's changed since
>>> 3.7.5 but I can't get DNS working. my resolv.conf says 127.0.0.1, the
>>> /tmp/resolv.conf.auto has valid dns servers and I can't resolve
>>> anything locally on the router via ssh or on any client device. I CAN
>>> get dns LOCAL only if I add a dns server to /etc/resolv.conf but
>>> clients using nameserver 172.30.42.1 can't
>>>
>>> Any ideas? I did a fresh install/clean configs and it isn't working
>>> out of the box or with any GUI or manual editing I've tried.
>> _______________________________________________
>> Cerowrt-devel mailing list
>> Cerowrt-devel@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>