[Dnsmasq-discuss] DNSSEC check unsigned vs sharepoint.com
Kevin Darbyshire-Bryant
kevin at darbyshire-bryant.me.uk
Fri Sep 9 15:24:34 BST 2016
Hi All,
Having some issues with my 'onedrive for business' application which in
turn uses 'sharepoint.com'. Short version: dnsmasq 2.76 thinks
sharepoint.com is bogus. Directly querying upstream servers is okay:
# drill -D @8.8.8.8 sharepoint.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 45014
;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; sharepoint.com. IN A
;; ANSWER SECTION:
sharepoint.com. 20224 IN CNAME sharepoint.microsoft.com.
sharepoint.microsoft.com. 3346 IN A 64.4.6.100
sharepoint.microsoft.com. 3346 IN A 65.55.39.10
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 17 msec
;; EDNS: version 0; flags: do ; udp: 512
;; SERVER: 8.8.8.8
;; WHEN: Fri Sep 9 15:14:12 2016
;; MSG SIZE rcvd: 110
If I disable 'check unsigned' on the router's dnsmasq instance things
work ok.
Why does dnsmasq think bogus, but google think ok?
Kevin
More information about the Dnsmasq-discuss
mailing list