[Cerowrt-devel] test-ipv6.com vs dnssec
Dave Taht
dave.taht at gmail.com
Fri Apr 25 15:42:05 EDT 2014
We used to arbitrarily restart dnsmasq after boot with a script.
Perhaps doing a /etc/init.d/dnsmasq reload 60 sec after boo will show
something.
But I am puzzled as to not getting an ipv4 route. This hints at an
issue on the ubus.
I am trying to take a bit of vacation for the next week or so, it was
my hope everything was actually working...
... and even if it isn't, I need a break. Good Luck on this y'all,
I'll be back after a tan.
On Fri, Apr 25, 2014 at 12:24 PM, Török Edwin
<edwin+ml-cerowrt at etorok.net> wrote:
> On 04/25/2014 09:01 PM, Jim Gettys wrote:
>> More specifically, after boot, most of the time test-ipv6.com <http://test-ipv6.com> reports lots of problems.
>>
>> Then I turned off both dnssec and dnssec-check-unsigned, and restarted dnsmasq; clean bill of health from test-ipv6.com <http://test-ipv6.com>.
>>
>>
>> So we seem to have a boot time race of some sort.
>
> There is definitely something wrong when ipv6 is enabled (I just noticed that since my latest upgrade I forgot to enable it).
> When I enable ipv6 for PPPoE, then IPv6 works in the sense I can ping6 stuff from the router ... except IPv4 is completely broken: there is no default route added according to 'ip route show',
> and even if I add a default route machines from LAN still can't reach IPv4 (presumably firewall would need to be reloaded too?).
> It doesn't seem to be dnssec related, as even if I turn both dnssec and dnssec-check-unsigned off the behaviour is still the same.
> I haven't investigated more deeply whats wrong yet. Do you think it could be related to your race condition?
>
>> Then I turned on dnssec only, leaving dnssec-check-unsigned, and got a clean bill of health.
>
> I've been using this for a while, it gets me a 0/10 score, i.e. ipv4 works, ipv6 fails, dual stack works with ipv4.
>
>>
>> Then I turned on both at the same time, and things are working.
>
> With both on I get a 'n/a' as a result, saying that dual-stack lookups timed out, presumably because ipv6 is off see below.
>
>
>
> Best regards,
> --Edwin
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
--
Dave Täht
NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
More information about the Cerowrt-devel
mailing list