Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 29 December 2024, 11:53:46 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Possible DNS outage May 5
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Possible DNS outage May 5  (Read 11797 times)
npeterson
Full Member
***
Offline Offline

Posts: 90


« on: Tuesday 04 May 2010, 08:12:22 am »

On May 5 the top level dns servers will be signed with dnssec. This is a good thing for the internet, but may be a bad thing for endian users.

Endian uses dnsmasq to proxy dns requests from internal to external. However it appears dnsmasq does not support edns replys. This means come may 5 dnsmasq may not be able interpret dns requests from the root name servers.

Here is a site that explains the issue and has a test to check compatibility: https://www.dns-oarc.net/oarc/services/replysizetest

My test failed..

Normally i wouldn't worry and just kill dnsmasq, however it appears that endian will not let  dnsmasq die and will auto-restart it. On top of that it appears that even if you have dns transparent proxy and dns anti-malware disabled,  it does not disable the dns hijacking, and filters everything through dnsmasq.

I have opened 2 new endian bug reports:
dnsmasq does not support edns and cannot bypass - http://bugs.endian.it/view.php?id=2888
Cannot disable dnsmasq for direct root server access.  - http://bugs.endian.it/view.php?id=2889

Can anyone else confirm these results?
Logged
wharfratjoe
Full Member
***
Offline Offline

Posts: 17


« Reply #1 on: Wednesday 05 May 2010, 09:38:17 pm »

How did you perform these tests on endian? dig and nslookup are not included in endian (as far as I can see)

http://fedoraproject.org/wiki/Features/DNSSEC#How_to_Test
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com