[Cerowrt-devel] Upgraded to 3.10.38-1, DNS issues?
Robert Bradley
robert.bradley1 at gmail.com
Sun May 11 14:46:49 PDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/05/14 13:15, Robert Bradley wrote:
> I noticed fairly recently that some Wi-Fi networks (Global Gossip, using filtered OpenDNS upstream)
refused all dnssec-enabled requests with NXDOMAIN. This was testing with
a custom-built dnsmasq 2.70 on Ubuntu, but the same setup works fine
behind both CeroWRT and other DNSSEC-capable servers that I tried.
I eventually tracked this down to issues with 208.67.222.222 and EDNS.
If you disable dnssec on dnsmasq, it resorts to standard-length DNS
queries and name resolution works. This seems to be network-specific
though; requests from home seem to get through fine. As an aside, this
was a pain to debug since Ubuntu's dig defaults to EDNS-enabled
requests. These all fail even if you have "working" dnsmasq and route
queries via that...
- --
Robert Bradley
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJTb++2AAoJEGK/UXZZ8Ak6jHYP/3cJ6CHWAuJw0e+XwDGeScRW
uNx2qhBmQUZQIKSToep5fUiLidcOvOZ5+t2QUEtc5f8fIuhtooKlJqTNQEVQ/lNT
ideHNjgL7Ca0Lsurvx04RqFiHLRkuJCO/ql4WTvTebunVX4pdDEMz1jz+WoIGZJq
SbTQ/poATRUuQwdpet9PHOkPwxxyeS4uWYaFFBxwGzH/f6ha2vnnwvmUWC+qT3WI
/0MBtXK65aMD6sUkbhI8A2CrddBCq9VLTc+V9KMK0JHNXyRYBROK88kgVr/n3TJC
NTJuJN/+RwbSsJYJtRasB7hejnKtiWz6eiIAV0oDYV4AbBx8ZQT00htezXOkIjMD
9tJaHJLVzfUyJB6pxJM53tpOwIcmu/gkKsjAYBOiK6jOgIC4qL06/zQBv+IqsJEw
3WSs2cOXNCmzkZ2QZwxM1kCU6M6P21+vj+64EBwWCs+ltSVQkTMZwxojBTOXpZud
9KzrBODhx6ksHKgXTslS4ljMFMGQbOekcWyXQL89ZxGyzT7SbwmFBnPSP4LNpkn9
c7DKowWPaJY5NxtSJoYM8ImI2ut28SLpHgsTY6hmYpCWvJy8J2H/HCsSJwLb36qt
FNmCSZfx2KRKFI7k0L+babXfl7lMgIwVo59OmBAXT8hDtMEWDyxOQ8tdcTk3VArJ
6/kMuPtkDLsvH80LQMAe
=HVAh
-----END PGP SIGNATURE-----
More information about the Cerowrt-devel
mailing list