I tweeted this thread to cloudflare.
On Sat, Apr 12, 2014 at 5:24 AM, Robert Bradley <[email protected]> wrote: > On 12/04/2014 13:02, Toke Høiland-Jørgensen wrote: >> Robert Bradley <[email protected]> writes: >> >>> That seems to suggest that it's the DS queries that are failing and >>> that this is probably not a dnsmasq bug. Trying Verisign's DNSSEC >>> debugger (http://dnssec-debugger.verisignlabs.com/blog.cloudflare.com) >>> seems to suggest that their nameservers refuse requests for DNSKEY >>> records. >> I seem to have no problems resolving either cloudfare.com or >> cloudfare.net with dnssec validation enabled. But then I might have a >> different view of their DNS infrastructure; I'm in Sweden... >> >> You can try running dig with +dnssec +trace to see where in the chain >> things go wrong... >> >> -Toke > > Using +dnssec +trace returns no errors, but that ends up bypassing both > Google's DNS servers and dnsmasq in favour of going directly to the DNS > root. It looks like there is some issue with 8.8.8.8 and 8.8.4.4 > disliking that particular domain (at least from a UK point of view), but > I am unable to see what it is. > > -- > Robert Bradley > > > > _______________________________________________ > Cerowrt-devel mailing list > [email protected] > https://lists.bufferbloat.net/listinfo/cerowrt-devel > -- Dave Täht NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article _______________________________________________ Cerowrt-devel mailing list [email protected] https://lists.bufferbloat.net/listinfo/cerowrt-devel
