|
Rockbox mail archiveSubject: Re: rockbox.org downRe: rockbox.org down
From: Bob Proulx via rockbox <rockbox_at_cool.haxx.se>
Date: Fri, 18 Dec 2020 14:16:51 -0700 Bernhard M. via rockbox wrote: > And now for the error-messages: The previous behavior you describe "feels" to me like a problem validating DNSSEC. I am a little out of my depth for DNSSEC. It's still an area that I am working through understanding. I understand traditional DNS very well but haven't spent the time yet to work through understanding the details of DNSSEC. However the behavior you describe is very similar to some resolvers: * Being able to validate DNSSEC and returning an answer * Ignoring DNSSEC validation and returning an answer regardless * Being unable to validate DNSSEC and returning a failure * Sites not (yet) implementing DNSSEC but only DNS always work okay And in particular systemd-resolvd on GNU/Linux systems is particularly famous for being very buggy in this regard. It's a repeat offender. This can lead to it both working perfectly for some people and failing miserably for others. And for what appears unpredictable behavior for mobile clients at different times on different networks. On one network it will be okay and on another network it won't be. And only for DNSSEC implementing domains. Domains with only DNS resolve okay. > But now I have done the workaround someone was pointing me to: > > name_servers=8.8.8.8 > name_servers=8.8.4.4 > > in /etc/resolvconf.conf, and it's working. But, as I wrote it's only a > workaround. Those are the Google public nameservers. The task for resolving DNS and validating DNSSEC signatures falls to them. And presumably since that is working for you then they are doing it okay. When configuring this way the local system does not do validation and that task is for the specified nameservers. > The problem is left why the "official" DNS-solver of all the > providers I use here are giving the same errors. I have a cell phone data provider here locally that for some reason their nameservers will not resolve DNSSEC. I can't forward DNS queries there or sites implementing DNSSEC fail to lookup. Normally on my laptop I would use DHCP and would use the DHCP provided DNS nameserver for queries. But for reasons I haven't bothered to chase down to root cause yet when I connect to my own cell data provider this fails. Running my own local caching nameserver on my laptop works perfectly. Therefore I use DHCP and override the nameservers provided with my own localhost running caching nameserver and that works perfectly. > With this question I will let you in peace. It's working and I don't > want to bother you any more. Good luck! Bob ------------------------------------------------------------------- Unsubscribe: http://cool.haxx.se/cgi-bin/mailman/listinfo/rockbox FAQ: http://www.rockbox.org/twiki/bin/view/Main/GeneralFAQ Etiquette: http://www.rockbox.org/mail/etiquette.html
Page template was last modified "Tue Sep 7 00:00:02 2021" The Rockbox Crew -- Privacy Policy |