Now that I'm on Comcast, I'm going to try it again.

-Aaron

On Fri, May 16, 2014 at 8:25 PM, Stephen Hemminger <stephen@networkplumber.org> wrote:

> On Sat, 26 Apr 2014 13:38:08 +0200
> Aaron Wood wrote:
>
> > Just too many sites aren't working correctly with dnsmasq and using
> > Google's DNS servers.
> >
> > - Bank of America (sso-fi.bankofamerica.com)
> > - Weather Underground (cdnjs.cloudflare.com)
> > - Akamai (e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net)
> >
> > And I'm not getting any traction with reporting the errors to those sites,
> > so it's frustrating in getting it properly fixed.
> >
> > While Akamai and cloudflare appear to be issues with their entries in
> > google dns, or with dnsmasq's validation of them being insecure domains,
> > the BofA issue appears to be an outright bad key. And BofA isn't being
> > helpful (just a continual "we use ssl" sort of quasi-automated response).
> >
> > So I'm disabling it for now, or rather, falling back to using my ISP's dns
> > servers, which don't support DNSSEC at this time. I'll be periodically
> > turning it back on, but too much is broken (mainly due to the cdns) to be
> > able to rely on it at this time.
> >
> > -Aaron
>
> Ditto. I was holding out, but performance was much worse, many websites
> would load poorly and got complaints from many errors from my customers
> (family).