From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gettysjim@gmail.com>
Received: from mail-ob0-x22b.google.com (mail-ob0-x22b.google.com
	[IPv6:2607:f8b0:4003:c01::22b])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client CN "smtp.gmail.com",
	Issuer "Google Internet Authority G2" (verified OK))
	by huchra.bufferbloat.net (Postfix) with ESMTPS id AEF4221F203
	for <cerowrt-devel@lists.bufferbloat.net>;
	Mon, 28 Apr 2014 09:55:12 -0700 (PDT)
Received: by mail-ob0-f171.google.com with SMTP id uy5so7629924obc.2
	for <cerowrt-devel@lists.bufferbloat.net>;
	Mon, 28 Apr 2014 09:55:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:sender:date:message-id:subject:from:to:content-type;
	bh=fRJkJ9q8Ha0ZbbGWQfwjzH/v2tR9JJOU65vuw2yWbUU=;
	b=SOYzmJ9CyDYn+t/7YG/++emSGfG8BbwpwluhnefHOCZYGNXe2ZvI/Xdg89mTpBa+xy
	kv+hky8GLtwzu5TyD6UH8HyA/C6JGWrKtcN2CpBG6lhDQYTt6ToJt9KPWpwVsnNyISxg
	JKRzToj+SYdN4wN8XowQhCKRqjvjgJlSdFhHJi4wzK71mDWHFyqe086lPI0ZOee7tH0i
	YK0r8MZor259kLGEy+BW5jvgB5r+v1D6CHep9Qu8KUGnvdNPCbt2MaB8wXMIsuloIvlc
	Y+PP3y+vkmueJ5eaOvsBOBS50bCs9v0WhCoMNI/x0/TW5NPsHMu7UIluNStB2WETo0yX
	WcZA==
MIME-Version: 1.0
X-Received: by 10.60.125.195 with SMTP id ms3mr23242930oeb.3.1398704111334;
	Mon, 28 Apr 2014 09:55:11 -0700 (PDT)
Sender: gettysjim@gmail.com
Received: by 10.76.73.100 with HTTP; Mon, 28 Apr 2014 09:55:11 -0700 (PDT)
Date: Mon, 28 Apr 2014 12:55:11 -0400
X-Google-Sender-Auth: n91ui_-lb08KTLiyHTiJLuoAil4
Message-ID: <CAGhGL2BeuvR4bNqWbTF5FfNnwW0LC28-z_MJsCQLpb8izHK2oA@mail.gmail.com>
From: Jim Gettys <jg@freedesktop.org>
To: "cerowrt-devel@lists.bufferbloat.net"
	<cerowrt-devel@lists.bufferbloat.net>, 
	dnsmasq-discuss <Dnsmasq-discuss@lists.thekelleys.org.uk>
Content-Type: multipart/alternative; boundary=047d7b33cf28b3bb9d04f81d2d05
Subject: [Cerowrt-devel] Problems with DNSsec on Comcast,
	with Cero 3.10.38-1/DNSmasq 4-26-2014
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Mon, 28 Apr 2014 16:55:13 -0000

--047d7b33cf28b3bb9d04f81d2d05
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

=E2=80=8B=E2=80=8BComcast recently lit up IPv6 native dual stack in the Bos=
ton area.

The http://test-ipv6.com/ web site complains about DNS problems unless
dnssec is disabled; if it is, I get various timeouts.

Test with IPv4 DNS record
ok (4.196s)
Test with IPv6 DNS record
ok (0.115s) using ipv6
Test with Dual Stack DNS record
timeout (11.882s)
Test for Dual Stack DNS and large packet
timeout (11.817s)
Test IPv4 without DNS
ok (0.214s) using ipv4
Test IPv6 without DNS
ok (0.204s) using ipv6
Test IPv6 large packet
ok (0.120s) using ipv6
Test if your ISP's DNS server uses IPv6
slow (8.752s)
Find IPv4 Service Provider
timeout (11.968s)
Find IPv6 Service Provider
ok (0.126s) using ipv6 ASN 7922
Test for buggy DNS
undefined (5.003s)

DNS server addresses look reasonable for Comcast.
DNS 1: 75.75.75.75
DNS 2: 75.75.76.76
DNS 1: 2001:558:feed::1
DNS 2: 2001:558:feed::2

Today, the problem seems consistent with turning dnssec on and off on the
router.  If enabled, I have problems; if disabled, I get a clean bill of
health out of test-ipv6.com.
                                             - Jim

--047d7b33cf28b3bb9d04f81d2d05
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-size:small">=E2=
=80=8B=E2=80=8BComcast recently lit up IPv6 native dual stack in the Boston=
 area.</div><div class=3D"gmail_default" style=3D"font-size:small"><br></di=
v><div class=3D"gmail_default" style=3D"font-size:small">
The=C2=A0<a href=3D"http://test-ipv6.com/">http://test-ipv6.com/</a> web si=
te complains about DNS problems unless dnssec is disabled; if it is, I get =
various timeouts.</div><div class=3D"gmail_default" style=3D"font-size:smal=
l"><br>
</div><div class=3D"gmail_default" style=3D"font-size:small"><table cellpad=
ding=3D"3" border=3D"0" summary=3D"tests run, and pass/fail" style=3D"color=
:rgb(0,0,0);font-family:sans-serif;font-size:medium"><tbody><tr><td nowrap =
style=3D"vertical-align:top">
Test with IPv4 DNS record</td><td nowrap style=3D"vertical-align:top">=C2=
=A0</td><td nowrap style=3D"vertical-align:top"><div id=3D"sum_test_a" styl=
e=3D"width:265px;margin-left:auto;margin-right:auto;border:0px solid rgb(0,=
0,0)"><span class=3D"" style=3D"font-weight:bold;color:green">ok</span>=C2=
=A0(4.196s)</div>
</td></tr><tr><td nowrap style=3D"vertical-align:top">Test with IPv6 DNS re=
cord</td><td nowrap style=3D"vertical-align:top">=C2=A0</td><td nowrap styl=
e=3D"vertical-align:top"><div id=3D"sum_test_aaaa" style=3D"width:265px;mar=
gin-left:auto;margin-right:auto;border:0px solid rgb(0,0,0)">
<span class=3D"" style=3D"font-weight:bold;color:green">ok</span>=C2=A0(0.1=
15s) using ipv6</div></td></tr><tr><td nowrap style=3D"vertical-align:top">=
Test with Dual Stack DNS record</td><td nowrap style=3D"vertical-align:top"=
>=C2=A0</td><td nowrap style=3D"vertical-align:top">
<div id=3D"sum_test_ds" style=3D"width:265px;margin-left:auto;margin-right:=
auto;border:0px solid rgb(0,0,0)"><span class=3D"" style=3D"font-weight:bol=
d;color:red">timeout</span>=C2=A0(11.882s)</div></td></tr><tr><td nowrap st=
yle=3D"vertical-align:top">
Test for Dual Stack DNS and large packet</td><td nowrap style=3D"vertical-a=
lign:top">=C2=A0</td><td nowrap style=3D"vertical-align:top"><div id=3D"sum=
_test_dsmtu" style=3D"width:265px;margin-left:auto;margin-right:auto;border=
:0px solid rgb(0,0,0)">
<span class=3D"" style=3D"font-weight:bold;color:red">timeout</span>=C2=A0(=
11.817s)</div></td></tr><tr><td nowrap style=3D"vertical-align:top">Test IP=
v4 without DNS</td><td nowrap style=3D"vertical-align:top">=C2=A0</td><td n=
owrap style=3D"vertical-align:top">
<div id=3D"sum_test_ipv4" style=3D"width:265px;margin-left:auto;margin-righ=
t:auto;border:0px solid rgb(0,0,0)"><span class=3D"" style=3D"font-weight:b=
old;color:green">ok</span>=C2=A0(0.214s) using ipv4</div></td></tr><tr><td =
nowrap style=3D"vertical-align:top">
Test IPv6 without DNS</td><td nowrap style=3D"vertical-align:top">=C2=A0</t=
d><td nowrap style=3D"vertical-align:top"><div id=3D"sum_test_ipv6" style=
=3D"width:265px;margin-left:auto;margin-right:auto;border:0px solid rgb(0,0=
,0)"><span class=3D"" style=3D"font-weight:bold;color:green">ok</span>=C2=
=A0(0.204s) using ipv6</div>
</td></tr><tr><td nowrap style=3D"vertical-align:top">Test IPv6 large packe=
t</td><td nowrap style=3D"vertical-align:top">=C2=A0</td><td nowrap style=
=3D"vertical-align:top"><div id=3D"sum_test_v6mtu" style=3D"width:265px;mar=
gin-left:auto;margin-right:auto;border:0px solid rgb(0,0,0)">
<span class=3D"" style=3D"font-weight:bold;color:green">ok</span>=C2=A0(0.1=
20s) using ipv6</div></td></tr><tr><td nowrap style=3D"vertical-align:top">=
Test if your ISP&#39;s DNS server uses IPv6</td><td nowrap style=3D"vertica=
l-align:top">
=C2=A0</td><td nowrap style=3D"vertical-align:top"><div id=3D"sum_test_v6ns=
" style=3D"width:265px;margin-left:auto;margin-right:auto;border:0px solid =
rgb(0,0,0)"><span class=3D"" style=3D"font-weight:bold;color:orange">slow</=
span>=C2=A0(8.752s)</div>
</td></tr><tr><td nowrap style=3D"vertical-align:top">Find IPv4 Service Pro=
vider</td><td nowrap style=3D"vertical-align:top">=C2=A0</td><td nowrap sty=
le=3D"vertical-align:top"><div id=3D"sum_test_asn4" style=3D"width:265px;ma=
rgin-left:auto;margin-right:auto;border:0px solid rgb(0,0,0)">
<span class=3D"" style=3D"font-weight:bold;color:red">timeout</span>=C2=A0(=
11.968s)</div></td></tr><tr><td nowrap style=3D"vertical-align:top">Find IP=
v6 Service Provider</td><td nowrap style=3D"vertical-align:top">=C2=A0</td>=
<td nowrap style=3D"vertical-align:top">
<div id=3D"sum_test_asn6" style=3D"width:265px;margin-left:auto;margin-righ=
t:auto;border:0px solid rgb(0,0,0)"><span class=3D"" style=3D"font-weight:b=
old;color:green">ok</span>=C2=A0(0.126s) using ipv6 ASN 7922</div></td></tr=
><tr class=3D"">
<td nowrap style=3D"vertical-align:top">Test for buggy DNS</td><td nowrap s=
tyle=3D"vertical-align:top">=C2=A0</td><td nowrap style=3D"vertical-align:t=
op"><div id=3D"sum_test_buggydns1" style=3D"width:265px;margin-left:auto;ma=
rgin-right:auto;border:0px solid rgb(0,0,0)">
<span class=3D"" style=3D"font-weight:bold;color:green">undefined</span>=C2=
=A0(5.003s)</div><div><br></div></td></tr></tbody></table></div><div class=
=3D"gmail_default" style=3D"font-size:small">DNS server addresses look reas=
onable for Comcast.</div>
<div class=3D"gmail_default"><div class=3D"gmail_default">DNS 1: 75.75.75.7=
5</div><div class=3D"gmail_default">DNS 2: 75.75.76.76</div><div class=3D"g=
mail_default"><div class=3D"gmail_default">DNS 1: 2001:558:feed::1</div><di=
v class=3D"gmail_default">
DNS 2: 2001:558:feed::2</div><div class=3D"gmail_default"><br></div></div><=
/div><div class=3D"gmail_default" style=3D"font-size:small">Today, the prob=
lem seems consistent with turning dnssec on and off on the router. =C2=A0If=
 enabled, I have problems; if disabled, I get a clean bill of health out of=
 <a href=3D"http://test-ipv6.com">test-ipv6.com</a>.</div>
<div class=3D"gmail_default" style=3D"font-size:small">=C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0- Jim</di=
v><div class=3D"gmail_default" style=3D"font-size:small"><br></div></div>

--047d7b33cf28b3bb9d04f81d2d05--