Development issues regarding the cerowrt test router project
 help / color / mirror / Atom feed
From: Aaron Wood <woody77@gmail.com>
To: cerowrt-devel <cerowrt-devel@lists.bufferbloat.net>,
	 dnsmasq-discuss <Dnsmasq-discuss@lists.thekelleys.org.uk>
Subject: [Cerowrt-devel] Had to disable dnssec today
Date: Sat, 26 Apr 2014 13:38:08 +0200	[thread overview]
Message-ID: <CALQXh-PJ+iP0r15Jewyx1wt3KWSmXNwbUME-41WM3BfXVja81g@mail.gmail.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 919 bytes --]

Just too many sites aren't working correctly with dnsmasq and using
Google's DNS servers.

- Bank of America (sso-fi.bankofamerica.com)
- Weather Underground (cdnjs.cloudflare.com)
- Akamai (e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net)

And I'm not getting any traction with reporting the errors to those sites,
so it's frustrating in getting it properly fixed.

While Akamai and cloudflare appear to be issues with their entries in
google dns, or with dnsmasq's validation of them being insecure domains,
the BofA issue appears to be an outright bad key.  And BofA isn't being
helpful (just a continual "we use ssl" sort of quasi-automated response).

So I'm disabling it for now, or rather, falling back to using my ISP's dns
servers, which don't support DNSSEC at this time.  I'll be periodically
turning it back on, but too much is broken (mainly due to the cdns) to be
able to rely on it at this time.

-Aaron

[-- Attachment #2: Type: text/html, Size: 1328 bytes --]

             reply	other threads:[~2014-04-26 11:38 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-04-26 11:38 Aaron Wood [this message]
2014-04-26 16:00 ` dpreed
2014-04-26 16:20   ` Aaron Wood
2014-04-26 19:44     ` [Cerowrt-devel] [Dnsmasq-discuss] " Simon Kelley
2014-04-26 21:17       ` Simon Kelley
2014-04-26 23:28       ` Dave Taht
2014-04-27  2:46 ` [Cerowrt-devel] " Dave Taht
2014-05-17  3:25 ` Stephen Hemminger
2014-05-17  3:58   ` Aaron Wood

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CALQXh-PJ+iP0r15Jewyx1wt3KWSmXNwbUME-41WM3BfXVja81g@mail.gmail.com \
    --to=woody77@gmail.com \
    --cc=Dnsmasq-discuss@lists.thekelleys.org.uk \
    --cc=cerowrt-devel@lists.bufferbloat.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox