Rockbox mail archive
Subject: Re: rockbox.org down
From: Bob Proulx via rockbox <rockbox_at_cool.haxx.se>
Date: Fri, 18 Dec 2020 14:16:51 -0700
Bernhard M. via rockbox wrote:
> And now for the error-messages:
The previous behavior you describe "feels" to me like a problem
validating DNSSEC. I am a little out of my depth for DNSSEC. It's
still an area that I am working through understanding. I understand
traditional DNS very well but haven't spent the time yet to work
through understanding the details of DNSSEC.
However the behavior you describe is very similar to some resolvers:
* Being able to validate DNSSEC and returning an answer
* Ignoring DNSSEC validation and returning an answer regardless
* Being unable to validate DNSSEC and returning a failure
* Sites not (yet) implementing DNSSEC but only DNS always work okay
And in particular systemd-resolved on GNU/Linux systems is particularly
famous for being very buggy in this regard. It's a repeat offender.
This can lead to it both working perfectly for some people and failing
miserably for others. And for what appears to be unpredictable behavior for
mobile clients at different times on different networks. On one
network it will be okay and on another network it won't be. And only
for DNSSEC implementing domains. Domains with only DNS resolve okay.
> But now I have done the workaround someone was pointing me to:
> in /etc/resolvconf.conf, and it's working. But, as I wrote it's only a
Those are the Google public nameservers. The task for resolving DNS
and validating DNSSEC signatures falls to them. And presumably since
that is working for you then they are doing it okay. When configuring
this way the local system does not do validation and that task is for
the specified nameservers.
> The problem is left why the "official" DNS-solver of all the
> providers I use here are giving the same errors.
I have a cell phone data provider here locally that for some reason
their nameservers will not resolve DNSSEC. I can't forward DNS
queries there or sites implementing DNSSEC fail to look up. Normally
on my laptop I would use DHCP and would use the DHCP provided DNS
nameserver for queries. But for reasons I haven't bothered to chase
down to root cause yet when I connect to my own cell data provider
Running my own local caching nameserver on my laptop works perfectly.
Therefore I use DHCP and override the nameservers provided with my own
localhost running caching nameserver and that works perfectly.
> With this question I will let you in peace. It's working and I don't
> want to bother you any more.
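
The resolver behaviors listed in the reply above can be told apart from the header of two responses for a DNSSEC-signed name: one to a normal query and one to the same query with the CD (checking disabled) bit set. This is an added example, not part of the original message. The function names and the header-only sample messages are constructed for illustration, and it assumes the queries were sent with the DO bit set so that the resolver reports the AD flag.

```python
import struct

# Bits in the 16-bit flags word of the DNS header (RFC 1035, RFC 4035).
QR = 0x8000          # message is a response
AD = 0x0020          # Authenticated Data: the resolver validated the answer
RCODE_MASK = 0x000F
NOERROR, SERVFAIL = 0, 2


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte header of a DNS response."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    ident, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & QR:
        raise ValueError("not a response (QR bit clear)")
    return {"id": ident, "rcode": flags & RCODE_MASK,
            "ad": bool(flags & AD), "answers": an}


def classify(normal: bytes, with_cd: bytes) -> str:
    """Classify a resolver from two responses for a signed name.

    normal  -- response to a plain query
    with_cd -- response to the same query with the CD bit set
    """
    n, c = parse_header(normal), parse_header(with_cd)
    if n["rcode"] == NOERROR and n["answers"]:
        # Answer returned: either validated (AD set) or passed through.
        return "validated" if n["ad"] else "answered-without-validation"
    if n["rcode"] == SERVFAIL:
        # If the data is reachable once checking is disabled, the failure
        # came from DNSSEC validation rather than from plain resolution.
        if c["rcode"] == NOERROR and c["answers"]:
            return "validation-failure"
        return "resolver-failure"
    return "other"


def hdr(flags: int, ancount: int) -> bytes:
    """Constructed header-only sample message (hypothetical helper)."""
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0)


if __name__ == "__main__":
    # Constructed sample: SERVFAIL normally, NOERROR with CD set.
    print(classify(hdr(0x8182, 0), hdr(0x8190, 1)))
```

A name from a domain that is not signed never has AD set, so the classification is only meaningful for a name known to be DNSSEC-signed.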