From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ob0-x22b.google.com (mail-ob0-x22b.google.com [IPv6:2607:f8b0:4003:c01::22b]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id AEF4221F203 for ; Mon, 28 Apr 2014 09:55:12 -0700 (PDT) Received: by mail-ob0-f171.google.com with SMTP id uy5so7629924obc.2 for ; Mon, 28 Apr 2014 09:55:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=fRJkJ9q8Ha0ZbbGWQfwjzH/v2tR9JJOU65vuw2yWbUU=; b=SOYzmJ9CyDYn+t/7YG/++emSGfG8BbwpwluhnefHOCZYGNXe2ZvI/Xdg89mTpBa+xy kv+hky8GLtwzu5TyD6UH8HyA/C6JGWrKtcN2CpBG6lhDQYTt6ToJt9KPWpwVsnNyISxg JKRzToj+SYdN4wN8XowQhCKRqjvjgJlSdFhHJi4wzK71mDWHFyqe086lPI0ZOee7tH0i YK0r8MZor259kLGEy+BW5jvgB5r+v1D6CHep9Qu8KUGnvdNPCbt2MaB8wXMIsuloIvlc Y+PP3y+vkmueJ5eaOvsBOBS50bCs9v0WhCoMNI/x0/TW5NPsHMu7UIluNStB2WETo0yX WcZA== MIME-Version: 1.0 X-Received: by 10.60.125.195 with SMTP id ms3mr23242930oeb.3.1398704111334; Mon, 28 Apr 2014 09:55:11 -0700 (PDT) Sender: gettysjim@gmail.com Received: by 10.76.73.100 with HTTP; Mon, 28 Apr 2014 09:55:11 -0700 (PDT) Date: Mon, 28 Apr 2014 12:55:11 -0400 X-Google-Sender-Auth: n91ui_-lb08KTLiyHTiJLuoAil4 Message-ID: From: Jim Gettys To: "cerowrt-devel@lists.bufferbloat.net" , dnsmasq-discuss Content-Type: multipart/alternative; boundary=047d7b33cf28b3bb9d04f81d2d05 Subject: [Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014 X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Apr 2014 16:55:13 -0000 --047d7b33cf28b3bb9d04f81d2d05 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable =E2=80=8B=E2=80=8BComcast recently lit up IPv6 native dual stack in the Bos= ton area. The http://test-ipv6.com/ web site complains about DNS problems unless dnssec is disabled; if it is, I get various timeouts. Test with IPv4 DNS record ok (4.196s) Test with IPv6 DNS record ok (0.115s) using ipv6 Test with Dual Stack DNS record timeout (11.882s) Test for Dual Stack DNS and large packet timeout (11.817s) Test IPv4 without DNS ok (0.214s) using ipv4 Test IPv6 without DNS ok (0.204s) using ipv6 Test IPv6 large packet ok (0.120s) using ipv6 Test if your ISP's DNS server uses IPv6 slow (8.752s) Find IPv4 Service Provider timeout (11.968s) Find IPv6 Service Provider ok (0.126s) using ipv6 ASN 7922 Test for buggy DNS undefined (5.003s) DNS server addresses look reasonable for Comcast. DNS 1: 75.75.75.75 DNS 2: 75.75.76.76 DNS 1: 2001:558:feed::1 DNS 2: 2001:558:feed::2 Today, the problem seems consistent with turning dnssec on and off on the router. If enabled, I have problems; if disabled, I get a clean bill of health out of test-ipv6.com. - Jim --047d7b33cf28b3bb9d04f81d2d05 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
=E2= =80=8B=E2=80=8BComcast recently lit up IPv6 native dual stack in the Boston= area.

The=C2=A0http://test-ipv6.com/ web si= te complains about DNS problems unless dnssec is disabled; if it is, I get = various timeouts.

=
Test with IPv4 DNS record=C2= =A0
ok=C2= =A0(4.196s)
Test with IPv6 DNS re= cord=C2=A0
ok=C2=A0(0.1= 15s) using ipv6
= Test with Dual Stack DNS record=C2=A0
timeout=C2=A0(11.882s)
Test for Dual Stack DNS and large packet=C2=A0
timeout=C2=A0(= 11.817s)
Test IP= v4 without DNS=C2=A0
ok=C2=A0(0.214s) using ipv4
Test IPv6 without DNS=C2=A0
ok=C2= =A0(0.204s) using ipv6
Test IPv6 large packe= t=C2=A0
ok=C2=A0(0.1= 20s) using ipv6
= Test if your ISP's DNS server uses IPv6 =C2=A0
slow=C2=A0(8.752s)
Find IPv4 Service Pro= vider=C2=A0
timeout=C2=A0(= 11.968s)
Find IP= v6 Service Provider=C2=A0
ok=C2=A0(0.126s) using ipv6 ASN 7922
Test for buggy DNS=C2=A0
undefined=C2= =A0(5.003s)

DNS server addresses look reas= onable for Comcast.
DNS 1: 75.75.75.7= 5
DNS 2: 75.75.76.76
DNS 1: 2001:558:feed::1
DNS 2: 2001:558:feed::2

<= /div>
Today, the prob= lem seems consistent with turning dnssec on and off on the router. =C2=A0If= enabled, I have problems; if disabled, I get a clean bill of health out of= test-ipv6.com.
=C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0- Jim

--047d7b33cf28b3bb9d04f81d2d05--