[Cerowrt-devel] Upgraded to 3.10.38-1, DNS issues?

[Robert Bradley]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/05/14 13:15, Robert Bradley wrote:
>
> I noticed fairly recently that some Wi-Fi networks (Global
> Gossip, using filtered OpenDNS upstream) refused all dnssec-enabled
> requests with NXDOMAIN.  This was testing with a custom-built dnsmasq
> 2.70 on Ubuntu, but the same setup works fine behind both CeroWRT and
> other DNSSEC-capable servers that I tried.
>

I eventually tracked this down to issues with 208.67.222.222 and EDNS.
If you disable dnssec on dnsmasq, it resorts to standard-length DNS
queries and name resolution works.  This seems to be network-specific
though; requests from home seem to get through fine.  As an aside, this
was a pain to debug since Ubuntu's dig defaults to EDNS-enabled
requests.  These all fail even if you have "working" dnsmasq and route
queries via that...


- -- 
Robert Bradley
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTb/AvAAoJEGK/UXZZ8Ak62pkQAJbibqqn7zUSB8tjsCDZcbW/
dP8SwYHsO3igsyQEbQuJsFuhZd/hY5Hp18twEa9xlmzNAMBuHRlVxR8ii3twqoov
y6fP6wNwbRCbpyV5vHRLX/LeGuAz6WkkftJKRWj2eNpQ1D72qtfVRTCoY6dvQD8+
YiieRl2oeyqRT81X0NQhHr6SKlzydOiPCxudSzNPLhLCNy3YmGFLs5peeVlbNEcI
5vcryX4NOwrP4prry6WuZLJd0CTavy5zMNb/aD+Bihf6a39rUo5EOskmvpsdFnYV
hVpa3uBSken5hOrDkjFWJ3p0gbw8L7L6nhFEyimh7uu3s+BVQcuPwGQxkI7yeqUA
zQyWCNnkJSWVwsWRZz0LJ74cPcJImR3aV8ARfhxN5dcQLkFUCp3Y045LleIwEPQb
F+FcOl9HJEjWobWmZkka3f3kEzDFFk31iiC5RCuj9UW29W1ShuqG8F41a3/RHhUb
EbuNXx1QhdsJhx0t+DtBVIl8Oq34MjFNdanGO4LKtdqYM8RHEeQE8RWJy1O7m8Ri
TtpUjg4T62sZ6EpA9VieBfI2Z/xtZCNXwE5hiS/GmZhwaT0OSKjsPWumT0l4AkrB
NoC0PstOb4e1TTELV1uw24krZ7hGJWrci3Nv3jijBiZQ47xi+88kcWIeVzH0GWYs
MdyTLHUqBM6NTsrUPyUF
=VWWv
-----END PGP SIGNATURE-----