[Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

Dave Taht dave.taht at gmail.com
Wed May 6 20:09:59 BST 2015


Suspecting edns0 (I am also using ipv6 only as my upstream forwarder),
i dropped edns_packet_max


dair-833:babeld d$ dig +dnssec www.ietf.org

;; Truncated, retrying in TCP mode.


; <<>> DiG 9.8.3-P1 <<>> +dnssec www.ietf.org

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4614

;; flags: qr rd ra ad; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags: do; udp: 1200

;; QUESTION SECTION:

;www.ietf.org. IN A


;; ANSWER SECTION:

www.ietf.org. 1292 IN CNAME www.ietf.org.cdn.cloudflare-dnssec.net.

www.ietf.org. 1292 IN RRSIG CNAME 5 3 1800 20160426153432
20150427143650 40452 ietf.org.
P/M2NpsObZhTLqxxkQqDnKCkIqhgcBQcSRidfikEAFDrNUKJDeah8z4S
8/QRGqsn4OtmZHHhm0LwfxtUrqQkB/sbQzoUVgAdPQHQRxmUpZ58BQ4O
P8jcThPIWnlauBBNusbTuq/iEo2L73P+eBBesGq+rCiUDmKHAfbo2aF4
fKh9q8NjmJbfAoD6ihjq5aNigzPErwv7mZ6jLg/eS1xh12pox5EYAUnO
lPXIj5puSgizSkr7oOZv41kIiqxyvxGdu37ti7zc73p5NGI5qng+eSOE
JcvK0VQc1Rn18nlwnq3yM+o6VldGDfMX6WY+zywKwyI3tFnpqAtKC+CJ /JxtIw==

www.ietf.org.cdn.cloudflare-dnssec.net. 64 IN A 104.20.0.85

www.ietf.org.cdn.cloudflare-dnssec.net. 64 IN A 104.20.1.85

www.ietf.org.cdn.cloudflare-dnssec.net. 64 IN RRSIG A 13 6 300
20150507200525 20150505180525 35273 cloudflare-dnssec.net.
jcky3oJ2x1ZUfEQJCSLEqjCWA9ifxAArUb2ZVsnHbhBngBq0IvER4KCU
mrdAy7+5vHduGsaMg/y4mHLfJohcRA==


;; Query time: 222 msec

;; SERVER: 172.26.16.1#53(172.26.16.1)

;; WHEN: Wed May  6 12:08:13 2015

;; MSG SIZE  rcvd: 538


On Wed, May 6, 2015 at 11:22 AM, Dave Taht <dave.taht at gmail.com> wrote:
>  nslookup www.ietf.org fails again... it did not fail a few days ago.
>
> chrome returns nxdomain
>
>
> --
> Dave Täht
> Open Networking needs **Open Source Hardware**
>
> https://plus.google.com/u/0/+EricRaymond/posts/JqxCe2pFr67



-- 
Dave Täht
Open Networking needs **Open Source Hardware**

https://plus.google.com/u/0/+EricRaymond/posts/JqxCe2pFr67



More information about the Dnsmasq-discuss mailing list