On 23/04/2014 17:44, Robert Bradley wrote: > This looks identical to the *.cloudflare.com issue I had last week. In > both cases, using Level 3's 4.2.2.2 instead of Google DNS works fine, > and 8.8.8.8 returns SERVFAIL for DS lookups. This looks like a bug in > Google's DNS servers as opposed to dnsmasq...
Digging into this further, it looks like the issue occurs for domain names where an A record exists but a DS record does not. In the case where the A/AAAA record is non-existent, (e.g. dscc.akamaiedge.net.0.1.cn.akamaiedge.net. instead of e3191.<...> or non-existent.cloudflare.com), you get the expected NOERROR or NXDOMAIN response. It would be worth testing this on a non-dual-stacked host or a subdomain without related A/AAAA records too. -- Robert Bradley
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Cerowrt-devel mailing list [email protected] https://lists.bufferbloat.net/listinfo/cerowrt-devel
