[Cerowrt-devel] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014

Jim Gettys jg at freedesktop.org
Mon Apr 28 12:55:11 EDT 2014

​​Comcast recently lit up IPv6 native dual stack in the Boston area.

The http://test-ipv6.com/ web site complains about DNS problems unless
dnssec is disabled; if it is, I get various timeouts.

Test with IPv4 DNS record
ok (4.196s)
Test with IPv6 DNS record
ok (0.115s) using ipv6
Test with Dual Stack DNS record
timeout (11.882s)
Test for Dual Stack DNS and large packet
timeout (11.817s)
Test IPv4 without DNS
ok (0.214s) using ipv4
Test IPv6 without DNS
ok (0.204s) using ipv6
Test IPv6 large packet
ok (0.120s) using ipv6
Test if your ISP's DNS server uses IPv6
slow (8.752s)
Find IPv4 Service Provider
timeout (11.968s)
Find IPv6 Service Provider
ok (0.126s) using ipv6 ASN 7922
Test for buggy DNS
undefined (5.003s)

DNS server addresses look reasonable for Comcast.
DNS 1:
DNS 2:
DNS 1: 2001:558:feed::1
DNS 2: 2001:558:feed::2

Today, the problem seems consistent with turning dnssec on and off on the
router.  If enabled, I have problems; if disabled, I get a clean bill of
health out of test-ipv6.com.
                                             - Jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20140428/3b0f7127/attachment-0002.html>

More information about the Cerowrt-devel mailing list