[Cerowrt-devel] [Dnsmasq-discuss] more dnssec failures

Aaron Wood woody77 at gmail.com
Wed Apr 23 13:18:39 EDT 2014

On Wed, Apr 23, 2014 at 6:44 PM, Robert Bradley
<robert.bradley1 at gmail.com>wrote:

> > ; <<>> DiG 9.8.1-P1 <<>> +cd @ a
> > e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net
> <snip rest of NOERROR response>
> >
> > But a query for DS on the same domain, which is what dnsmasq does next,
> > returns SERVFAIL, _even_with_ checking disabled.
> >
> > ; <<>> DiG 9.8.1-P1 <<>> +cd @ ds
> > e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net
> <snip SERVFAIL response>
> This looks identical to the *.cloudflare.com issue I had last week.  In
> both cases, using Level 3's instead of Google DNS works fine,
> and returns SERVFAIL for DS lookups.  This looks like a bug in
> Google's DNS servers as opposed to dnsmasq...

A question about dnsmasq and multiple servers.  If I listed both
and in my dnsmasq configuration, how would dnsmasq behave in this
case?  would it query both for the DS?  or just "stick" with the first
server to start responding with an A-record?

(I confess that I don't know the details of DNS very well)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20140423/0b11c41d/attachment-0002.html>

More information about the Cerowrt-devel mailing list