[Cerowrt-devel] DNSSEC failure for *.cloudflare.com via dnsmasq?
Toke Høiland-Jørgensen
toke at toke.dk
Sat Apr 12 08:02:55 EDT 2014
Robert Bradley <robert.bradley1 at gmail.com> writes:
> That seems to suggest that it's the DS queries that are failing and
> that this is probably not a dnsmasq bug. Trying Verisign's DNSSEC
> debugger (http://dnssec-debugger.verisignlabs.com/blog.cloudflare.com)
> seems to suggest that their nameservers refuse requests for DNSKEY
> records.
I seem to have no problems resolving either cloudfare.com or
cloudfare.net with dnssec validation enabled. But then I might have a
different view of their DNS infrastructure; I'm in Sweden...
You can try running dig with +dnssec +trace to see where in the chain
things go wrong...
-Toke
More information about the Cerowrt-devel
mailing list