[Cerowrt-devel] DNSSEC failure for *.cloudflare.com via dnsmasq?

Dave Taht dave.taht at gmail.com
Sat Apr 12 15:06:16 EDT 2014

I tweeted this thread to cloudflare.

On Sat, Apr 12, 2014 at 5:24 AM, Robert Bradley
<robert.bradley1 at gmail.com> wrote:
> On 12/04/2014 13:02, Toke Høiland-Jørgensen wrote:
>> Robert Bradley <robert.bradley1 at gmail.com> writes:
>>> That seems to suggest that it's the DS queries that are failing and
>>> that this is probably not a dnsmasq bug. Trying Verisign's DNSSEC
>>> debugger (http://dnssec-debugger.verisignlabs.com/blog.cloudflare.com)
>>> seems to suggest that their nameservers refuse requests for DNSKEY
>>> records.
>> I seem to have no problems resolving either cloudfare.com or
>> cloudfare.net with dnssec validation enabled. But then I might have a
>> different view of their DNS infrastructure; I'm in Sweden...
>> You can try running dig with +dnssec +trace to see where in the chain
>> things go wrong...
>> -Toke
> Using +dnssec +trace returns no errors, but that ends up bypassing both
> Google's DNS servers and dnsmasq in favour of going directly to the DNS
> root.  It looks like there is some issue with and
> disliking that particular domain (at least from a UK point of view), but
> I am unable to see what it is.
> --
> Robert Bradley
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel

Dave Täht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article

More information about the Cerowrt-devel mailing list