EFW Support

Support => General Support => Topic started by: npeterson on Tuesday 04 May 2010, 08:12:22 am



Title: Possible DNS outage May 5
Post by: npeterson on Tuesday 04 May 2010, 08:12:22 am
On May 5 the top-level DNS servers will be signed with DNSSEC. This is a good thing for the Internet, but may be a bad thing for Endian users.

Endian uses dnsmasq to proxy DNS requests from internal to external. However, it appears dnsmasq does not support EDNS replies. This means come May 5 dnsmasq may not be able to interpret DNS requests from the root name servers.

Here is a site that explains the issue and has a test to check compatibility: https://www.dns-oarc.net/oarc/services/replysizetest

My test failed.

Normally I wouldn't worry and just kill dnsmasq, however it appears that Endian will not let dnsmasq die and will auto-restart it. On top of that, it appears that even if you have DNS transparent proxy and DNS anti-malware disabled, it does not disable the DNS hijacking, and filters everything through dnsmasq.

I have opened 2 new Endian bug reports:
dnsmasq does not support EDNS and cannot bypass - http://bugs.endian.it/view.php?id=2888
Cannot disable dnsmasq for direct root server access. - http://bugs.endian.it/view.php?id=2889

Can anyone else confirm these results?
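
The EDNS support discussed in the post above shows up on the wire as an OPT record in the query, which advertises how large a UDP reply the sender accepts; without it the classic 512-byte limit applies. The following is an added example, not code from this thread or from Endian: it builds and parses constructed queries offline, and every function name in it is made up for illustration.

```python
import struct

def encode_name(name):
    # DNS label encoding; "." (the root) becomes a single zero byte
    labels = [l for l in name.strip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=2, edns_size=None, do=False):
    # Query for qtype (2 = NS); appends an EDNS0 OPT record if edns_size is set
    arcount = 0 if edns_size is None else 1
    msg = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, arcount)
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)
    if edns_size is not None:
        flags = 0x8000 if do else 0  # DO ("DNSSEC OK") bit
        # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL = flags
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, flags, 0)
    return msg

def skip_name(msg, off):
    # Offset just past a name, which may end in a compression pointer
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def parse_edns(msg):
    # (udp_size, do_bit) from the OPT record, or None when there is none
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:
            return rclass, bool(ttl & 0x8000)
        off += 10 + rdlen
    return None

def max_udp_reply(msg):
    # Without OPT the classic 512-byte UDP limit applies
    edns = parse_edns(msg)
    return 512 if edns is None else max(512, edns[0])

# Constructed sample queries for the root NS set
PLAIN = build_query(".")
SIGNED_AWARE = build_query(".", edns_size=4096, do=True)
if __name__ == "__main__":
    print(max_udp_reply(PLAIN), max_udp_reply(SIGNED_AWARE), parse_edns(SIGNED_AWARE))
```

Running `parse_edns` on a query captured on each side of a forwarder shows whether the OPT record and its advertised size survive the hop.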


Title: Re: Possible DNS outage May 5
Post by: wharfratjoe on Wednesday 05 May 2010, 09:38:17 pm
How did you perform these tests on Endian? dig and nslookup are not included in Endian (as far as I can see).

http://fedoraproject.org/wiki/Features/DNSSEC#How_to_Test