On Sat, 26 Apr 2014 13:38:08 +0200 Aaron Wood <[email protected]> wrote:
> Just too many sites aren't working correctly with dnsmasq and using > Google's DNS servers. > > - Bank of America (sso-fi.bankofamerica.com) > - Weather Underground (cdnjs.cloudflare.com) > - Akamai (e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net) > > And I'm not getting any traction with reporting the errors to those sites, > so it's frustrating in getting it properly fixed. > > While Akamai and cloudflare appear to be issues with their entries in > google dns, or with dnsmasq's validation of them being insecure domains, > the BofA issue appears to be an outright bad key. And BofA isn't being > helpful (just a continual "we use ssl" sort of quasi-automated response). > > So I'm disabling it for now, or rather, falling back to using my ISP's dns > servers, which don't support DNSSEC at this time. I'll be periodically > turning it back on, but too much is broken (mainly due to the cdns) to be > able to rely on it at this time. > > -Aaron Ditto. I was holding out, but performance was much worse, many websites would load poorly and got complaints from many errors from my customers (family). _______________________________________________ Cerowrt-devel mailing list [email protected] https://lists.bufferbloat.net/listinfo/cerowrt-devel
