[Cerowrt-devel] DNSSEC failure for *.cloudflare.com via dnsmasq?

Toke Høiland-Jørgensen toke at toke.dk
Sat Apr 12 08:02:55 EDT 2014


Robert Bradley <robert.bradley1 at gmail.com> writes:

> That seems to suggest that it's the DS queries that are failing and
> that this is probably not a dnsmasq bug. Trying Verisign's DNSSEC
> debugger (http://dnssec-debugger.verisignlabs.com/blog.cloudflare.com)
> seems to suggest that their nameservers refuse requests for DNSKEY
> records.

I seem to have no problems resolving either cloudfare.com or
cloudfare.net with dnssec validation enabled. But then I might have a
different view of their DNS infrastructure; I'm in Sweden...

You can try running dig with +dnssec +trace to see where in the chain
things go wrong...

-Toke



More information about the Cerowrt-devel mailing list