[Cerowrt-devel] Upgraded to 3.10.38-1, DNS issues?

Robert Bradley robert.bradley1 at gmail.com
Sun May 11 14:46:49 PDT 2014


On 10/05/14 13:15, Robert Bradley wrote:
> I noticed fairly recently that some Wi-Fi networks (Global Gossip,
> using filtered OpenDNS upstream) refused all dnssec-enabled requests
> with NXDOMAIN. This was testing with a custom-built dnsmasq 2.70 on
> Ubuntu, but the same setup works fine behind both CeroWRT and other
> DNSSEC-capable servers that I tried.

I eventually tracked this down to issues with 208.67.222.222 and EDNS. 
If you disable dnssec on dnsmasq, it resorts to standard-length DNS
queries and name resolution works.  This seems to be network-specific
though; requests from home seem to get through fine.  As an aside, this
was a pain to debug since Ubuntu's dig defaults to EDNS-enabled
requests.  These all fail even if you have "working" dnsmasq and route
queries via that...

-- 
Robert Bradley
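
Added example, not part of the original message: a small Python probe that sends the same A query to a resolver as plain DNS, with an EDNS OPT record, and with the DO flag set, then compares the response codes to isolate the pattern described above (plain queries answered, EDNS queries refused). The function names and the classification wording are assumptions made for this example; `probe` needs network access and takes the resolver address and query name from the caller.

```python
import socket
import struct

def build_query(name, edns=False, do=False, txid=0x1234, udp_size=4096):
    """A-record query; with edns=True an OPT pseudo-record (RFC 6891) is appended."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1 if edns else 0)  # RD set
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    msg = header + qname + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN
    if edns:
        # OPT: root name, TYPE=41, CLASS=UDP payload size, TTL carries the DO flag
        msg += b"\x00" + struct.pack("!HHIH", 41, udp_size, 0x8000 if do else 0, 0)
    return msg

def rcode(response):
    """Low four bits of the fourth header byte; None means no usable reply."""
    return None if response is None or len(response) < 12 else response[3] & 0x0F

def ask(server, query, timeout=3.0):
    """Send one UDP query; return the raw reply, or None on timeout or socket error."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            return s.recvfrom(4096)[0]
        except OSError:
            return None

def classify(plain, edns, dnssec):
    """Compare rcodes of the plain, EDNS and EDNS+DO variants of one query."""
    if plain == 0 and edns == 0 and dnssec == 0:
        return "all variants answered"
    if plain == 0 and edns != 0:
        return "EDNS queries fail on this path; plain queries work"
    if plain == 0 and dnssec != 0:
        return "only DO-flagged queries fail"
    return "plain query also fails; not EDNS-specific"

def probe(server, name):
    """Live check against a caller-supplied resolver and name."""
    variants = [(False, False), (True, False), (True, True)]
    codes = [rcode(ask(server, build_query(name, e, d))) for e, d in variants]
    return codes, classify(*codes)
```

Running `probe` from the affected network and again from a known-good one shows whether the failure follows the resolver or the path to it.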


