[Dnsmasq-discuss] Testers wanted: DNSSEC.

Eugene Rudoy gene.devel at gmail.com
Sat Feb 8 10:01:12 GMT 2014


Hi Simon,

On Thu, Feb 6, 2014 at 11:29 AM, Simon Kelley <simon at thekelleys.org.uk> wrote:
>
> What result do you get if you run
>
> dig +dnssec @8.8.8,8 ietf.org
>
> It's not unknown for an ISP to redirect all port 53 traffic to their own DNS
> servers.........

you're right, it seems my ISP redirects all port 53 traffic...

This is the answer I get if I run "dig +dnssec @8.8.8.8 ietf.org"
while connected through my ISP:

; <<>> DiG 9.8.1-P1 <<>> +dnssec @8.8.8.8 ietf.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11422
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4000
;; QUESTION SECTION:
;ietf.org. IN A

;; ANSWER SECTION:
ietf.org. 1407 IN A 4.31.198.44

;; Query time: 50 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Feb  8 10:55:23 2014
;; MSG SIZE  rcvd: 53

This is the answer to the same query while using ISP of my father:
; <<>> DiG 9.8.1-P1 <<>> +dnssec @8.8.8.8 ietf.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40854
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;ietf.org. IN A

;; ANSWER SECTION:
ietf.org. 1799 IN A 4.31.198.44
ietf.org. 1799 IN RRSIG A 5 2 1800 20150203200914 20140203191110 40452
ietf.org. LaMW5WtE2HErWUlDRJGZeDiP0CiMIXB3Dcy5phPIT4v0pEf6FG8hAM5V
8pL8T38jovBPrMzRqqMO9VJspXKrs2UTefHl6Gkyn7rPjHYzusBQyvXm
Gzy8uI46CIGQ7DKZYhU7LTDl4Xd7CI+xbqSL1jUXvSFVnTxgRJ5nhmBM
wd1+KFV9zgAviOZW3kd7NiOgKRIrdQHtojE/LgBwAiejm6snmYte/bqc
LV+d/UUnwx7PRQlr0cXS1U5fpYbLCMI0q7Pj63CDQqMbI+R9SlSlKPFB
9pK73sJ7KMyinZT8TDbLvfbbywGfRwcOZs290aqjIycEh7t18K48vslD OZ5McQ==

;; Query time: 144 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Feb  8 10:57:16 2014
;; MSG SIZE  rcvd: 349

I'll ask my ISP if they can disable this "feature"...

Thanks!

Best regards,
Gene



More information about the Dnsmasq-discuss mailing list