[Cerowrt-devel] [Dnsmasq-discuss] more dnssec failures
robert.bradley1 at gmail.com
Wed Apr 23 13:16:12 EDT 2014
On 23/04/2014 17:44, Robert Bradley wrote:
> This looks identical to the *.cloudflare.com issue I had last week. In
> both cases, using Level 3's 18.104.22.168 instead of Google DNS works fine,
> and 22.214.171.124 returns SERVFAIL for DS lookups. This looks like a bug in
> Google's DNS servers as opposed to dnsmasq...
Digging into this further, it looks like the issue occurs for domain
names where an A record exists but a DS record does not. In the case
where the A/AAAA record is non-existent (e.g.
dscc.akamaiedge.net.0.1.cn.akamaiedge.net. instead of e3191.<...> or
non-existent.cloudflare.com), you get the expected NOERROR or NXDOMAIN
response. It would be worth testing this on a non-dual-stacked host or
a subdomain without related A/AAAA records too.
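
The comparison described in the message above, as an added example that is not part of the original post: it builds a DS query with the DNSSEC OK bit set and reduces a reply to SERVFAIL, NXDOMAIN, or NOERROR with or without answers. The transaction id, the function names and the sample replies are constructed for illustration; sending the query to a resolver is left to the caller.

```python
import struct

QTYPE_DS, QTYPE_OPT, CLASS_IN = 43, 41, 1
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}
OPT_LEN = 11  # root name (1) + type, class, ttl, rdlen (2+2+4+2)

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("invalid label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_ds_query(name, txid):
    """DS query with RD=1 and an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", QTYPE_DS, CLASS_IN)
    # OPT: class field = UDP payload size, TTL field = flags (DO = 0x8000)
    opt = b"\x00" + struct.pack("!HHIH", QTYPE_OPT, 4096, 0x00008000, 0)
    return header + question + opt

def classify_ds_response(query, response):
    """Reduce a reply to the outcome the message distinguishes."""
    if len(response) < 12:
        return "MALFORMED"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "MISMATCH"  # wrong transaction id or not a response
    rcode = flags & 0x000F
    if rcode == 0:
        return "NOERROR/ANSWER" if ancount else "NOERROR/NODATA"
    return RCODE_NAMES.get(rcode, "RCODE%d" % rcode)

def constructed_response(query, rcode):
    """Constructed sample reply: echoed question, no records, given RCODE."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1
    return query[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0) + query[12:-OPT_LEN]

if __name__ == "__main__":
    q = build_ds_query("non-existent.cloudflare.com", 0x2a17)
    for rcode in (0, 2, 3):
        print(rcode, classify_ds_response(q, constructed_response(q, rcode)))
```
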