[Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

Dave Taht dave.taht at gmail.com
Wed May 6 20:11:42 BST 2015


Prematurely sent that email. Setting edns_packet_max to 1200 made it
drop to TCP and work.

I am going to argue that EDNS0 should be set to the bare minimum, by
default, in dnsmasq, whatever it is, for it to fall back to TCP correctly.

On Wed, May 6, 2015 at 12:09 PM, Dave Taht <dave.taht at gmail.com> wrote:
> Suspecting EDNS0 (I am also using IPv6 only as my upstream forwarder),
> I dropped edns_packet_max
>
> dair-833:babeld d$ dig +dnssec www.ietf.org
> ;; Truncated, retrying in TCP mode.
>
> ; <<>> DiG 9.8.3-P1 <<>> +dnssec www.ietf.org
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4614
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 1200
> ;; QUESTION SECTION:
> ;www.ietf.org. IN A
>
> ;; ANSWER SECTION:
> www.ietf.org. 1292 IN CNAME www.ietf.org.cdn.cloudflare-dnssec.net.
> www.ietf.org. 1292 IN RRSIG CNAME 5 3 1800 20160426153432
> 20150427143650 40452 ietf.org.
> P/M2NpsObZhTLqxxkQqDnKCkIqhgcBQcSRidfikEAFDrNUKJDeah8z4S
> 8/QRGqsn4OtmZHHhm0LwfxtUrqQkB/sbQzoUVgAdPQHQRxmUpZ58BQ4O
> P8jcThPIWnlauBBNusbTuq/iEo2L73P+eBBesGq+rCiUDmKHAfbo2aF4
> fKh9q8NjmJbfAoD6ihjq5aNigzPErwv7mZ6jLg/eS1xh12pox5EYAUnO
> lPXIj5puSgizSkr7oOZv41kIiqxyvxGdu37ti7zc73p5NGI5qng+eSOE
> JcvK0VQc1Rn18nlwnq3yM+o6VldGDfMX6WY+zywKwyI3tFnpqAtKC+CJ /JxtIw==
> www.ietf.org.cdn.cloudflare-dnssec.net. 64 IN A 104.20.0.85
> www.ietf.org.cdn.cloudflare-dnssec.net. 64 IN A 104.20.1.85
> www.ietf.org.cdn.cloudflare-dnssec.net. 64 IN RRSIG A 13 6 300
> 20150507200525 20150505180525 35273 cloudflare-dnssec.net.
> jcky3oJ2x1ZUfEQJCSLEqjCWA9ifxAArUb2ZVsnHbhBngBq0IvER4KCU
> mrdAy7+5vHduGsaMg/y4mHLfJohcRA==
>
> ;; Query time: 222 msec
> ;; SERVER: 172.26.16.1#53(172.26.16.1)
> ;; WHEN: Wed May  6 12:08:13 2015
> ;; MSG SIZE  rcvd: 538
>
> On Wed, May 6, 2015 at 11:22 AM, Dave Taht <dave.taht at gmail.com> wrote:
>> nslookup www.ietf.org fails again... it did not fail a few days ago.
>>
>> Chrome returns NXDOMAIN
>>
>>
>> --
>> Dave Täht
>> Open Networking needs **Open Source Hardware**
>>
>> https://plus.google.com/u/0/+EricRaymond/posts/JqxCe2pFr67



-- 
Dave Täht
Open Networking needs **Open Source Hardware**

https://plus.google.com/u/0/+EricRaymond/posts/JqxCe2pFr67
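
The mechanism discussed in this message, as an added example that is not part of the original post and is not dnsmasq code: the query advertises a maximum UDP payload in its EDNS0 OPT record, and a reply with the TC bit set is what triggers the retry over TCP. All function names are hypothetical and the truncated reply is constructed from the query so the script runs offline.

```python
import struct

def build_query(name, udp_size, qtype=1, do=True, qid=0x1206):
    """DNS query with an EDNS0 OPT record (RFC 6891) advertising udp_size."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD; 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # OPT RR: root owner, TYPE 41, CLASS = max UDP payload, TTL carries the DO bit
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0x8000 if do else 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def _skip_name(msg, off):
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer terminates the name
            return off + 2
        off += 1 + n

def parse_edns(msg):
    """Return (TC flag, advertised UDP size or None) for a DNS message."""
    _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    udp_size = None
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:  # OPT: the CLASS field holds the UDP payload size
            udp_size = rclass
        off += 10 + rdlen
    return bool(flags & 0x0200), udp_size

def truncated_reply(query):
    """Constructed sample: a reply to `query` with QR, TC, RD and RA set."""
    return query[:2] + struct.pack("!H", 0x8380) + query[4:]

def tcp_retry(query, reply):
    """If the UDP reply has TC set, return the query framed for TCP, else None."""
    if parse_edns(reply)[0]:
        return struct.pack("!H", len(query)) + query  # 2-byte length prefix (RFC 1035 4.2.2)
    return None

if __name__ == "__main__":
    q = build_query("www.ietf.org", udp_size=1200)
    print(parse_edns(truncated_reply(q)), tcp_retry(q, truncated_reply(q)).hex())
```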


