On Tue, Mar 18, 2014 at 3:24 PM, Török Edwin <[email protected]> wrote: > On 03/18/2014 07:56 PM, Rich Brown wrote: >> Folks, >> >> I have updated the 3.10 Release Note page to match my understanding of the >> 3.10.32-9 release of 14 March 2014. It would be good to get more eyes on the >> page to look for inconsistencies, outright errors, omissions, etc. It's at: >> http://www.bufferbloat.net/projects/cerowrt/wiki/CeroWrt_310_Release_Notes >> >> Questions: >> >> - Please review the Features items. Any missing? Is DNSSEC enabled now? > > Good question. > If I run 'dig test.dnssec-or-not.net TXT' 3 times in succession it tells me > it is supported. > Try again a minute later, and the query times out again. Well might be just > my ISP's DNS servers being problematic.
Well, this query wedges an older cerowrt's dnsmasq thoroughly (rendering it inoperable). But I haven't updated to -9 yet on that box. There were a few fixes to dnsmasq that I put into -10, but I haven't tested it yet (and wasn't planning to). > 1st one times out (after about 18s): > $ dig test.dnssec-or-not.net TXT This works from a very well connected host in under a second. However, the TXT record is probably uncached, which accounts for the major delays elsewhere. somewhat. > > ; <<>> DiG 9.9.5-2-Debian <<>> test.dnssec-or-not.net TXT > ;; global options: +cmd > ;; connection timed out; no servers could be reached > > Second gives me no results: > $ dig test.dnssec-or-not.net TXT > > ; <<>> DiG 9.9.5-2-Debian <<>> test.dnssec-or-not.net TXT > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51755 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags: do; udp: 4096 > ;; QUESTION SECTION: > ;test.dnssec-or-not.net. IN TXT > > ;; Query time: 748 msec > ;; SERVER: 172.30.42.1#53(172.30.42.1) > ;; WHEN: Tue Mar 18 21:17:13 EET 2014 > ;; MSG SIZE rcvd: 51 > > Third tells me its good: > dig test.dnssec-or-not.net TXT > > ; <<>> DiG 9.9.5-2-Debian <<>> test.dnssec-or-not.net TXT > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35187 > ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 8, AUTHORITY: 3, ADDITIONAL: 5 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags: do; udp: 4096 > ;; QUESTION SECTION: > ;test.dnssec-or-not.net. IN TXT > > ;; ANSWER SECTION: > test.dnssec-or-not.net. 35 IN CNAME > test.ad1b63b5bebca893.dnssec-or-not.net. > test.dnssec-or-not.net. 35 IN RRSIG CNAME 5 3 60 20140417191653 > 20140318191653 2256 dnssec-or-not.net. > m/Sg8YHkFV4iQW0W20G3iLVi+z+g4p+4919Ihq4hPrzQV6YRUNyzl1vm > pjM1pxG2mPgpqkDIRROUJtoF7k4yz2F6QzJAhbV7o7En2/MBHTRO2BuU > WoUrmBneWNxq43nbZXwYL01s7le0ff9MpQvtv14egOODa3zNuX++3htt W/Y= > test.ad1b63b5bebca893.dnssec-or-not.net. 36 IN CNAME > test.x.ad1b63b5bebca893.dnssec-or-not.net. > test.ad1b63b5bebca893.dnssec-or-not.net. 36 IN RRSIG CNAME 5 4 60 > 20140417191654 20140318191654 35475 ad1b63b5bebca893.dnssec-or-not.net. > PEudHM05Qsa7zfQtuXHSKP0n3RQttJeFa6ZE3IhYZcD1vP3ffxKDMxF0 > TynSCirU2dpgI1pdW0VIwUZkkFeBZw7RGub2znAXqxieRqVE2pE1DGcq > FAZyzy7BpvwIklBrnxidgngMdKJuXqq9ih+Kw2QrA03jFXTWIDhC/8Wq cM0= > test.x.ad1b63b5bebca893.dnssec-or-not.net. 37 IN CNAME > test.x.x.ad1b63b5bebca893.dnssec-or-not.net. > test.x.ad1b63b5bebca893.dnssec-or-not.net. 37 IN RRSIG CNAME 5 5 60 > 20140417191654 20140318191654 51156 x.ad1b63b5bebca893.dnssec-or-not.net. > rfm+D0Loe5hf3Qp6Qv6lypqlz/CXjcOqdCA3uxWnn/Sp8JBG//4bU7Kn > +WZUAkz5DVnrb6Wj6j8UDVKjKeFbNoV6ypOMZvnDVjaZiyFIjZn5OKVb > /Py4IaT1aazfuO+s30ymQrtGvlrR+nrBHsziEwxCoSFhfNLcysNsYHXL ycA= > test.x.x.ad1b63b5bebca893.dnssec-or-not.net. 55 IN TXT "Yes, you are using > DNSSEC" > test.x.x.ad1b63b5bebca893.dnssec-or-not.net. 55 IN RRSIG TXT 5 6 60 > 20140417191712 20140318191712 52056 x.x.ad1b63b5bebca893.dnssec-or-not.net. > CDxbTfIF7kD9XCZbQDNSjfnAAMkivDqKaXCVJGc1yusQuXbQqp1oWt9k > chXbbv5osmkJQ60Ril113OEC63zHght+VNyCeigJvs8blUyjRs2GTC0e > smDKUamlfT4xL5nC1LlXbKp7aMCjoyg1HV8cRZvJFWCTKMa5DLNCjcYX 2z4= > > ;; AUTHORITY SECTION: > x.x.ad1b63b5bebca893.dnssec-or-not.net. 54 IN NS > ns1.x.x.ad1b63b5bebca893.dnssec-or-not.net. > x.x.ad1b63b5bebca893.dnssec-or-not.net. 54 IN NS > ns0.x.x.ad1b63b5bebca893.dnssec-or-not.net. > x.x.ad1b63b5bebca893.dnssec-or-not.net. 54 IN RRSIG NS 5 5 60 20140417191712 > 20140318191712 52056 x.x.ad1b63b5bebca893.dnssec-or-not.net. > BkGyDiDy8xKUDQSTh01zdStU8H8FgxxTzhSnMw0tyuwg4dpPw/THlymB > Ubk4a8x1p3OlrtFh2IBub2om7vg+jxYo5joi10fX8aNgRPF3UuV+62ve > CFJ2IAfvmUvKVEWouY/Yv5kvoYNGqn/imxqE7Ni0U93VW9FuXkn1Y2tP hes= > > ;; ADDITIONAL SECTION: > ns0.x.x.ad1b63b5bebca893.dnssec-or-not.net. 54 IN A 72.13.58.79 > ns1.x.x.ad1b63b5bebca893.dnssec-or-not.net. 54 IN A 72.13.58.99 > ns0.x.x.ad1b63b5bebca893.dnssec-or-not.net. 54 IN RRSIG A 5 6 60 > 20140417191712 20140318191712 52056 x.x.ad1b63b5bebca893.dnssec-or-not.net. > FXg2lrSMdJ9WV5mVgON313mCyBnRkGVZRv8BlQCNty6bKhlc12/Fpamf > LMmjSy5padZm17ocqOhC6jRFaaj+qeWjLDnArMTddqYk9ecwRTvlIpLL > XNqUz/VphdWrXidfUftY8Chz/KVzJOM3FE/GDAFUAGoRaCBLalaYDFM6 1fM= > ns1.x.x.ad1b63b5bebca893.dnssec-or-not.net. 54 IN RRSIG A 5 6 60 > 20140417191712 20140318191712 52056 x.x.ad1b63b5bebca893.dnssec-or-not.net. > RrkstBIGWeZ1faMrn12mUap4eGeDnY492/dFISOmP3C/Ffo9mqBQc54x > ELBZ7CCyLNIPp+o25fGvS+N8NJO5IqB2hsb+ShSqZzIGYVxCbHB8/OFN > EqivXTRsygaoMXfIjIxK0IcefOSLs/MOV5PCjNjEw31OZsq8Gp4nQLWt V4c= > > ;; Query time: 20 msec > ;; SERVER: 172.30.42.1#53(172.30.42.1) > ;; WHEN: Tue Mar 18 21:17:19 EET 2014 > ;; MSG SIZE rcvd: 1594 > _______________________________________________ > Cerowrt-devel mailing list > [email protected] > https://lists.bufferbloat.net/listinfo/cerowrt-devel -- Dave Täht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html _______________________________________________ Cerowrt-devel mailing list [email protected] https://lists.bufferbloat.net/listinfo/cerowrt-devel
