From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ig0-x22c.google.com (mail-ig0-x22c.google.com [IPv6:2607:f8b0:4001:c05::22c]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 13DBC21F263 for ; Sat, 19 Apr 2014 02:43:14 -0700 (PDT) Received: by mail-ig0-f172.google.com with SMTP id hn18so302348igb.11 for ; Sat, 19 Apr 2014 02:43:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=K/ZBWrTz9sUnxIkPPcJinIAug0eQFNABUfb3O72wlSk=; b=lGIIfbhUu974wmVxwIkVvqDm6JeZQg71oY75/jyFHhQobb2MjCFpDiI4jKrLvKOjEX Lg/me1wnnqVgM2vr6fpbfLONZwmF6VxXhr3esjj9srOanAi2zi9YgCwUmCElZl9gE5J0 cd5ww/0xHxbKk5Zm5xl0izIMIB/8CozXaBsZlFkrsPjNSEdgcNr1UryKohaBYdPe0NAD nVexenZEx29bYkWBxBcCRWyhfuX4GLdhx8eVUh/R8deRqD2BbRdyAFUnsJWOAcU+rC+O G9hEf0H1Sf0MTfA5cvwMEBbOnNSxnYMi468TNeXTYHzRLKurhtoh2xfyX1N0DgxURtGg SgGg== MIME-Version: 1.0 X-Received: by 10.43.180.133 with SMTP id pe5mr545855icc.71.1397900593143; Sat, 19 Apr 2014 02:43:13 -0700 (PDT) Received: by 10.64.238.70 with HTTP; Sat, 19 Apr 2014 02:43:13 -0700 (PDT) Date: Sat, 19 Apr 2014 11:43:13 +0200 Message-ID: From: Aaron Wood To: cerowrt-devel Content-Type: multipart/alternative; boundary=001a11c3e02e49267804f762189d Subject: [Cerowrt-devel] First DNSSEC failure with CeroWRT X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Apr 2014 09:43:14 -0000 --001a11c3e02e49267804f762189d Content-Type: text/plain; charset=UTF-8 One of the many servers involved with BofA's online banking: Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: using nameserver 8.8.4.4#53 Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: using nameserver 8.8.8.8#53 Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: using local addresses only for domain home.lan Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: read /etc/hosts - 1 addresses Sat Apr 19 09:37:37 2014 daemon.info dnsmasq-dhcp[29719]: read /etc/ethers - 0 addresses Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: query[A] saml-bac.onefiserv.com from 172.30.42.99 Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: forwarded saml-bac.onefiserv.com to 8.8.4.4 Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: forwarded saml-bac.onefiserv.com to 8.8.8.8 Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: dnssec-query[DS] saml-bac.onefiserv.com to 8.8.4.4 Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: reply saml-bac.onefiserv.com is BOGUS DS Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: validation result is BOGUS Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: reply saml-bac.onefiserv.com is Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: reply saml-bac.gslb.onefiserv.com is 64.128.98.58 Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: query[A] sso-fi.bankofamerica.com from 172.30.42.99 Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: forwarded sso-fi.bankofamerica.com to 8.8.4.4 Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: forwarded sso-fi.bankofamerica.com to 8.8.8.8 Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: dnssec-query[DS] sso-fi.bankofamerica.com to 8.8.8.8 Sat Apr 19 09:38:05 2014 daemon.info dnsmasq[29719]: query[A] sso-fi.bankofamerica.com from 172.30.42.99 Sat Apr 19 09:38:05 2014 daemon.info dnsmasq[29719]: dnssec retry to 8.8.8.8 Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: reply sso-fi.bankofamerica.com is BOGUS DS Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: validation result is BOGUS Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: reply sso-fi.bankofamerica.com is Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: reply saml-bac.onefiserv.com is 64.128.98.58 --001a11c3e02e49267804f762189d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
One of the many servers involved with BofA's online ba= nking:

Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: using nameserver 8.8.4.4#53
Sat Apr 19 09:37:37= 2014 daemon.info dnsmasq[29719]: using = local addresses only for domain home.lan
Sat Apr 19 09:37:= 37 2014 daemon.info dnsmasq-dhcp[29719]:= read /etc/ethers - 0 addresses
Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: query[A] saml-b= ac.onefiserv.com from 172.30.42.99
Sat Apr 19 09:37:39 2014 <= a href=3D"http://daemon.info">daemon.info dnsmasq[29719]: forwarded saml-bac.onefiserv.com to 8.8.4.= 4
Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: dnssec-query[DS] saml-bac.onefiserv.com to 8.8.4= .4
Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: validation result is B= OGUS
Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: reply saml-bac.gslb.onefiserv.com is 64.1= 28.98.58


Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: query[A] sso-fi.bankofamerica.com from 172.30.42.99
Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: forwarded sso-fi.bankofamerica.com to 8.8.= 8.8
Sat Apr 19 09:38:05 2= 014 daemon.info dnsmasq[29719]: query[A]= sso-fi.bankofamerica.com f= rom 172.30.42.99
Sat Apr 19 09:38:06 = 2014 daemon.info dnsmasq[29719]: reply <= a href=3D"http://sso-fi.bankofamerica.com">sso-fi.bankofamerica.com is = <CNAME>
Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: reply saml-bac.= onefiserv.com is 64.128.98.58
--001a11c3e02e49267804f762189d--