[Dnsmasq-discuss] Testers wanted: DNSSEC.
Eugene Rudoy
gene.devel at gmail.com
Sat Feb 8 10:01:12 GMT 2014
Hi Simon,
On Thu, Feb 6, 2014 at 11:29 AM, Simon Kelley <simon at thekelleys.org.uk> wrote:
>
> What result do you get if you run
>
> dig +dnssec @8.8.8,8 ietf.org
>
> It's not unknown for an ISP to redirect all port 53 traffic to their own DNS
> servers.........
you're right, it seems my ISP redirects all port 53 traffic...
This is the answer I get if I run "dig +dnssec @8.8.8.8 ietf.org"
while connected through my ISP:
; <<>> DiG 9.8.1-P1 <<>> +dnssec @8.8.8.8 ietf.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11422
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4000
;; QUESTION SECTION:
;ietf.org. IN A
;; ANSWER SECTION:
ietf.org. 1407 IN A 4.31.198.44
;; Query time: 50 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Feb 8 10:55:23 2014
;; MSG SIZE rcvd: 53
This is the answer to the same query while using ISP of my father:
; <<>> DiG 9.8.1-P1 <<>> +dnssec @8.8.8.8 ietf.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40854
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;ietf.org. IN A
;; ANSWER SECTION:
ietf.org. 1799 IN A 4.31.198.44
ietf.org. 1799 IN RRSIG A 5 2 1800 20150203200914 20140203191110 40452
ietf.org. LaMW5WtE2HErWUlDRJGZeDiP0CiMIXB3Dcy5phPIT4v0pEf6FG8hAM5V
8pL8T38jovBPrMzRqqMO9VJspXKrs2UTefHl6Gkyn7rPjHYzusBQyvXm
Gzy8uI46CIGQ7DKZYhU7LTDl4Xd7CI+xbqSL1jUXvSFVnTxgRJ5nhmBM
wd1+KFV9zgAviOZW3kd7NiOgKRIrdQHtojE/LgBwAiejm6snmYte/bqc
LV+d/UUnwx7PRQlr0cXS1U5fpYbLCMI0q7Pj63CDQqMbI+R9SlSlKPFB
9pK73sJ7KMyinZT8TDbLvfbbywGfRwcOZs290aqjIycEh7t18K48vslD OZ5McQ==
;; Query time: 144 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Feb 8 10:57:16 2014
;; MSG SIZE rcvd: 349
I'll ask my ISP if they can disable this "feature"...
Thanks!
Best regards,
Gene
More information about the Dnsmasq-discuss
mailing list