[Cerowrt-devel] test-ipv6.com vs dnssec

Sebastian Moeller moeller0 at gmx.de
Sat Apr 26 15:41:35 EDT 2014 

Hi List, hi Dave,

so I had to restart cerowrt 3.10.36-6 today after coming home from a 5 day trip. I had some issues connecting with a macbook and one of 2 nexus 4s. after a reboot of the router both MacBooks connected fine on the 5GHz radio but none of the nexi connected to either the 2.4GHz nor the 5GHz radio, instead they produced endless repetitions of:
Sat Apr 26 21:27:15 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00
Sat Apr 26 21:27:29 2014 daemon.info hostapd: sw00: STA 10:68:3f:4b:0b:48 IEEE 802.11: disassociated
Sat Apr 26 21:27:29 2014 daemon.info hostapd: sw00: STA 10:68:3f:4b:0b:48 IEEE 802.11: authenticated
Sat Apr 26 21:27:29 2014 daemon.info hostapd: sw00: STA 10:68:3f:4b:0b:48 IEEE 802.11: associated (aid 1)
Sat Apr 26 21:27:29 2014 daemon.info hostapd: sw00: STA 10:68:3f:4b:0b:48 WPA: pairwise key handshake completed (RSN)
Sat Apr 26 21:27:30 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00
Sat Apr 26 21:27:33 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00
Sat Apr 26 21:27:35 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00
Sat Apr 26 21:27:39 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00
Sat Apr 26 21:27:47 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00

Following Dave's recommendation of issuing a "/etc/init.d/dnsmasq reload" allowed both phones to connect again, so we might still have a race hidden somewhere… (This is on a system without working ipv6 currently). 3.10.36-6 looks like it needs a bit more maturation time ;) It would be interesting to learn whether the same approach might help other people as well...

Best Regards
	Sebastian



On Apr 25, 2014, at 21:42 , Dave Taht <dave.taht at gmail.com> wrote:

> We used to arbitrarily restart dnsmasq after boot with a script.
> Perhaps doing a /etc/init.d/dnsmasq reload 60 sec after boo will show
> something.
> 
> But I am puzzled as to not getting an ipv4 route. This hints at an
> issue on the ubus.
> 
> I am trying to take a bit of vacation for the next week or so, it was
> my hope everything was actually working...
> 
> ... and even if it isn't, I need a break. Good Luck on this y'all,
> I'll be back after a tan.
> 
> 
> On Fri, Apr 25, 2014 at 12:24 PM, Török Edwin
> <edwin+ml-cerowrt at etorok.net> wrote:
>> On 04/25/2014 09:01 PM, Jim Gettys wrote:
>>> More specifically, after boot, most of the time test-ipv6.com <http://test-ipv6.com> reports lots of problems.
>>> 
>>> Then I turned off both dnssec and dnssec-check-unsigned, and restarted dnsmasq; clean bill of health from test-ipv6.com <http://test-ipv6.com>.
>>> 
>>> 
>>> So we seem to have a boot time race of some sort.
>> 
>> There is definitely something wrong when ipv6 is enabled (I just noticed that since my latest upgrade I forgot to enable it).
>> When I enable ipv6 for PPPoE, then IPv6 works in the sense I can ping6 stuff from the router ... except IPv4 is completely broken: there is no default route added according to 'ip route show',
>> and even if I add a default route machines from LAN still can't reach IPv4 (presumably firewall would need to be reloaded too?).
>> It doesn't seem to be dnssec related, as even if I turn both dnssec and dnssec-check-unsigned off the behaviour is still the same.
>> I haven't investigated more deeply whats wrong yet. Do you think it could be related to your race condition?
>> 
>>> Then I turned on dnssec only, leaving dnssec-check-unsigned, and got a clean bill of health.
>> 
>> I've been using this for a while, it gets me a 0/10 score, i.e. ipv4 works, ipv6 fails, dual stack works with ipv4.
>> 
>>> 
>>> Then I turned on both at the same time, and things are working.
>> 
>> With both on I get a 'n/a' as a result, saying that dual-stack lookups timed out, presumably because ipv6 is off see below.
>> 
>> 
>> 
>> Best regards,
>> --Edwin
>> _______________________________________________
>> Cerowrt-devel mailing list
>> Cerowrt-devel at lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
> 
> 
> 
> -- 
> Dave Täht
> 
> NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel

More information about the Cerowrt-devel mailing list