<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font face="Helvetica, Arial, sans-serif">So, this was done
faster as I thought.</font></p>
<p>I've uploaded the file to wetransfer since it's 3MB and I don't
want an outcry from people on here about me sending huge emails:
<a class="moz-txt-link-freetext" href="https://we.tl/t-mlLySN7n0f">https://we.tl/t-mlLySN7n0f</a></p>
<p>In that dump, you will probably see obsswitcher.com,
updates.spamassassin.org and api.foursquare.com failed requests. I
didn't look into it in detail, but the sheer size should indicate
a lot of failed requests.<br>
</p>
<pre class="moz-signature" cols="72">Cheers,
--
László Károlyi
<a class="moz-txt-link-freetext" href="http://linkedin.com/in/karolyi">http://linkedin.com/in/karolyi</a>
</pre>
<div class="moz-cite-prefix">On 2020-07-06 00:41, László Károlyi
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1c206e54-c75a-0b3c-b963-ac33844eb067@karolyi.hu">
<pre class="moz-quote-pre" wrap="">Hey Simon,
thanks for your response.
Yes, my bad, I should have said at the outset that I use the latest
dsmasq in FreeBSD with the latest official (12.1-RELEASE-p6) release on
the latest patch level. So, dnsmasq is "2.81_2,1" , as defined here:
<a class="moz-txt-link-freetext" href="https://www.freshports.org/dns/dnsmasq/">https://www.freshports.org/dns/dnsmasq/</a>
I use NTP to keep the time in sync on my box, the output of ntpq -n -p is:
remote refid st t when poll reach delay offset
jitter
==============================================================================
0.freebsd.pool. .POOL. 16 p - 64 0 0.000 +0.000
0.000
-162.159.200.1 10.71.10.44 3 u 49 1024 377 5.077 -2.686
0.288
*193.158.22.13 .MBGh. 1 u 217 1024 377 11.921 -1.232
0.298
+85.209.49.104 35.73.197.144 2 u 81 1024 377 2.780 -0.842
0.242
+185.120.22.12 130.149.17.21 2 u 384 1024 377 5.404 -0.482
0.384
-212.18.3.19 212.18.1.106 2 u 122 1024 377 6.106 -1.292
0.260
Basically as you can see, no egregious time differences (delay is in
milliseconds). As for the domains, my domain is kept in cloudflare, they
provide the DNSSEC records as well. I don't know if that's the case for
github and/or updates.spamassassin.org, which I also see failing.
I'll set the flags and logfile you provided, and will wait until the
error occurs again, and then I'll touch base again with you. It should
take a day or two at most, the sometimes failing cronjob runs hourly.
Best Regards,
--
László Károlyi
<a class="moz-txt-link-freetext" href="https://linkedin/com/in/karolyi">https://linkedin/com/in/karolyi</a>
On 05.07.20 23:17, Simon Kelley wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Just a stab in the dark: are you sure that the clocks on these machines
are accurate? DNSSEC signatures have validity periods and when I checked
obsswitcher.com its start-of-validity time was only an hour or so before
the time when I checked, so a bad clock would explain what you're seeing.
Failing that, you don't say what version of dnsmasq you're running.
PLease make sure you upgrade to 2.81 if you're running older code. That
fixes lots of DNSSEC bugs.
If 2.81 still shows the problem, set the following dnsmasq configuration
dumpfile=<path/to/file>
dumpmask=0x00C0
run the test again and send me the resulting dumps.
Cheers,
Simon.
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Dnsmasq-discuss mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk">Dnsmasq-discuss@lists.thekelleys.org.uk</a>
<a class="moz-txt-link-freetext" href="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss">http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</a>
</pre>
</blockquote>
</blockquote>
</body>
</html>