[Dnsmasq-discuss] Google's DNS and Insecure DS reply received, do upstream DNS servers support DNSSEC?

2018-07-28 Thread Kevin Darbyshire-Bryant 
Greetings!

This isn’t a new problem but curiosity/frustration has now got the better of 
me.  I’ve a QNAP NAS box which registers itself under 
‘waldorfdb.myqnapcloud.com’ with both IPv4 & IPv6 addresses.

My home lan router provides DHCP & DNS service courtesy dnsmasq.  Sometimes my 
local browser is unable to resolve the above domain name and the “Insecure DS 
reply received” message is seen in the router’s syslog:

Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: 1087 
2a02:c7f:1231:2000::dc83/57269 query[A] waldorfdb.myqnapcloud.com from 
2a02:c7f:1231:2000::dc83
Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: 1087 
2a02:c7f:1231:2000::dc83/57269 forwarded waldorfdb.myqnapcloud.com to 8.8.4.4
Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: * 
2a02:c7f:1231:2000::dc83/57269 dnssec-query[DS] myqnapcloud.com to 8.8.4.4
Sat Jul 28 18:13:49 2018 daemon.warn dnsmasq[21675]: Insecure DS reply 
received, do upstream DNS servers support DNSSEC?
Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: * 
2a02:c7f:1231:2000::dc83/57269 reply myqnapcloud.com is BOGUS DS
Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: 1087 
2a02:c7f:1231:2000::dc83/57269 validation waldorfdb.myqnapcloud.com is BOGUS
Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: 1087 
2a02:c7f:1231:2000::dc83/57269 reply waldorfdb.myqnapcloud.com is 151.227.238.60
Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: 1088 192.168.219.142/51181 
query[A] waldorfdb.myqnapcloud.com from 192.168.219.142
Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: 1088 192.168.219.142/51181 
forwarded waldorfdb.myqnapcloud.com to 8.8.4.4
Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: * 192.168.219.142/51181 
dnssec-query[DS] myqnapcloud.com to 8.8.4.4
Sat Jul 28 18:13:50 2018 daemon.warn dnsmasq[21675]: Insecure DS reply 
received, do upstream DNS servers support DNSSEC?
Sat Jul 28 18:13:50 2018 daemon.info dnsmasq[21675]: * 192.168.219.142/51181 
reply myqnapcloud.com is BOGUS DS
Sat Jul 28 18:13:50 2018 daemon.info dnsmasq[21675]: 1088 192.168.219.142/51181 
validation waldorfdb.myqnapcloud.com is BOGUS
Sat Jul 28 18:13:50 2018 daemon.info dnsmasq[21675]: 1088 192.168.219.142/51181 
reply waldorfdb.myqnapcloud.com is 151.227.238.60

Curiously a few minutes later and all is well, or well enough that my client 
gets an answer:

Sat Jul 28 18:16:24 2018 daemon.info dnsmasq[21675]: 1121 
2a02:c7f:1231:2000::dc83/51183 query[A] waldorfdb.myqnapcloud.com from 
2a02:c7f:1231:2000::dc83
Sat Jul 28 18:16:24 2018 daemon.info dnsmasq[21675]: 1121 
2a02:c7f:1231:2000::dc83/51183 forwarded waldorfdb.myqnapcloud.com to 
2001:4860:4860::8844
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: * 
2a02:c7f:1231:2000::dc83/51183 dnssec-query[DS] myqnapcloud.com to 
2001:4860:4860::8844
Sat Jul 28 18:16:25 2018 daemon.warn dnsmasq[21675]: Insecure DS reply 
received, do upstream DNS servers support DNSSEC?
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: * 
2a02:c7f:1231:2000::dc83/51183 reply myqnapcloud.com is BOGUS DS
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1121 
2a02:c7f:1231:2000::dc83/51183 validation waldorfdb.myqnapcloud.com is BOGUS
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1121 
2a02:c7f:1231:2000::dc83/51183 reply waldorfdb.myqnapcloud.com is 151.227.238.60
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1122 192.168.219.142/59027 
query[A] waldorfdb.myqnapcloud.com from 192.168.219.142
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1122 192.168.219.142/59027 
forwarded waldorfdb.myqnapcloud.com to 2001:4860:4860::8844
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: * 192.168.219.142/59027 
dnssec-query[DS] myqnapcloud.com to 2001:4860:4860::8844
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: * 192.168.219.142/59027 
reply myqnapcloud.com is no DS
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1122 192.168.219.142/59027 
validation result is INSECURE
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1122 192.168.219.142/59027 
reply waldorfdb.myqnapcloud.com is 151.227.238.60
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1123 
2a02:c7f:1231:2000::dc83/59028 query[] waldorfdb.myqnapcloud.com from 
2a02:c7f:1231:2000::dc83
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1123 
2a02:c7f:1231:2000::dc83/59028 forwarded waldorfdb.myqnapcloud.com to 
2001:4860:4860::8844
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1123 
2a02:c7f:1231:2000::dc83/59028 validation result is INSECURE
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1123 
2a02:c7f:1231:2000::dc83/59028 reply waldorfdb.myqnapcloud.com is 
2a02:c7f:1231:2000::c


I only seem to see this behaviour if using Google's public DNS.

Anyone else seeing this sort of thing?  Help! :-)  I’m at your disposal.

Cheers,

Kevin D-B

012C ACB2 28C6 C53E 9775  9123 B3A2 389B 9DE2 334A



signature.asc
Description: Message signed with OpenPGP
___
Dnsmasq-discuss mailing

[Dnsmasq-discuss] ubus FTBFS fix

2018-07-28 Thread Kevin Darbyshire-Bryant 
Hi Simon,

A couple of FTBFS typos in master at the moment related to ubus integration.  
Fix attached, though not actually run tested..yet.

Cheers,

Kevin D-B

012C ACB2 28C6 C53E 9775  9123 B3A2 389B 9DE2 334A


0005-dnsmasq.c-fix-OPT_UBUS-option-usage.patch
Description: Binary data


signature.asc
Description: Message signed with OpenPGP
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss