What does unbound or bind do?
On Thu, Apr 24, 2014 at 5:35 AM, Aaron Wood wrote:
> And if I use Free.fr's servers, the DS resolves (I'm running CeroWRT
> double-NAT behind a Freebox v6):
>
> dig @192.168.1.254 DS e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net
>
> ; <<>> DiG 9.8.5-P1 <<>> @192.16
And if I use Free.fr's servers, the DS resolves (I'm running CeroWRT
double-NAT behind a Freebox v6):
dig @192.168.1.254 DS e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net
; <<>> DiG 9.8.5-P1 <<>> @192.168.1.254 DS
e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net
; (1 server found)
;; global optio
Well, I'm seeing the same results as you are from here in Paris (using
Free.fr).
-Aaron
On Thu, Apr 24, 2014 at 1:27 PM, Simon Kelley wrote:
> On 24/04/14 11:49, Aaron Wood wrote:
>
> >
> >> Dnsmasq does the DS query next because the answer to the A query comes
> >> back unsigned, so dnsmasq is
On 24/04/14 11:49, Aaron Wood wrote:
>
>> Dnsmasq does the DS query next because the answer to the A query comes
>> back unsigned, so dnsmasq is looking for a DS record that proves this is
>> OK. It's likely that Verisign does that top-down (starting from the
>> root) whilst dnsmasq does it botto
On Wed, Apr 23, 2014 at 5:58 PM, Simon Kelley wrote:
> On 23/04/14 16:42, Dave Taht wrote:
> > I will argue that a better place to report dnssec validation
> > errors is the dnsmasq list.
> >
> > On Wed, Apr 23, 2014 at 8:31 AM, Aaron Wood wrote:
> >> Wed Apr 23 15:13:05 2014 daemon.info dnsm
On 23/04/14 18:29, Dave Taht wrote:
> On Wed, Apr 23, 2014 at 10:18 AM, Aaron Wood wrote:
>> On Wed, Apr 23, 2014 at 6:44 PM, Robert Bradley
>> wrote:
>>>
>>>
; <<>> DiG 9.8.1-P1 <<>> +cd @8.8.8.8 a
e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net
>>>
But a query for DS on the
On Wed, Apr 23, 2014 at 10:18 AM, Aaron Wood wrote:
> On Wed, Apr 23, 2014 at 6:44 PM, Robert Bradley
> wrote:
>>
>>
>> > ; <<>> DiG 9.8.1-P1 <<>> +cd @8.8.8.8 a
>> > e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net
>>
>> >
>> > But a query for DS on the same domain, which is what dnsmasq does ne
On 23/04/14 16:42, Dave Taht wrote:
> I will argue that a better place to report dnssec validation
> errors is the dnsmasq list.
>
> On Wed, Apr 23, 2014 at 8:31 AM, Aaron Wood wrote:
>> Wed Apr 23 15:13:05 2014 daemon.info dnsmasq[29719]: query[A]
>> e3191.dscc.akamaiedge.net.0.1.cn.akamaied
I will argue that a better place to report dnssec validation
errors is the dnsmasq list.
On Wed, Apr 23, 2014 at 8:31 AM, Aaron Wood wrote:
> Wed Apr 23 15:13:05 2014 daemon.info dnsmasq[29719]: query[A]
> e3191.dscc.akamaiedge.net.0.1.cn.akamaiedge.net from 172.30.42.99
> Wed Apr 23 15:13:05