dev builds
themes manual
device status forums
mailing lists
IRC bugs
dev guide

Rockbox mail archive

Subject: Re: down

Re: down

From: Bob Proulx via rockbox <>
Date: Fri, 18 Dec 2020 14:16:51 -0700

Bernhard M. via rockbox wrote:
> And now for the error-messages:

The previous behavior you describe "feels" to me like a problem
validating DNSSEC. I am a little out of my depth for DNSSEC. It's
still an area that I am working through understanding. I understand
traditional DNS very well but haven't spent the time yet to work
through understanding the details of DNSSEC.

However the behavior you describe is very similar to some resolvers:

* Being able to validate DNSSEC and returning an answer
* Ignoring DNSSEC validation and returning an answer regardless
* Being unable to validate DNSSEC and returning a failure
* Sites not (yet) implementing DNSSEC but only DNS always work okay

And in particular systemd-resolvd on GNU/Linux systems is particularly
famous for being very buggy in this regard. It's a repeat offender.

This can lead to it both working perfectly for some people and failing
miserably for others. And for what appears unpredictable behavior for
mobile clients at different times on different networks. On one
network it will be okay and on another network it won't be. And only
for DNSSEC implementing domains. Domains with only DNS resolve okay.

> But now I have done the workaround someone was pointing me to:
> name_servers=
> name_servers=
> in /etc/resolvconf.conf, and it's working. But, as I wrote it's only a
> workaround.

Those are the Google public nameservers. The task for resolving DNS
and validating DNSSEC signatures falls to them. And presumably since
that is working for you then they are doing it okay. When configuring
this way the local system does not do validation and that task is for
the specified nameservers.

> The problem is left why the "official" DNS-solver of all the
> providers I use here are giving the same errors.

I have a cell phone data provider here locally that for some reason
their nameservers will not resolve DNSSEC. I can't forward DNS
queries there or sites implementing DNSSEC fail to lookup. Normally
on my laptop I would use DHCP and would use the DHCP provided DNS
nameserver for queries. But for reasons I haven't bothered to chase
down to root cause yet when I connect to my own cell data provider
this fails.

Running my own local caching nameserver on my laptop works perfectly.
Therefore I use DHCP and override the nameservers provided with my own
localhost running caching nameserver and that works perfectly.

> With this question I will let you in peace. It's working and I don't
> want to bother you any more.

Good luck!


Received on 2020-12-18

Page template was last modified "Tue Sep 7 00:00:02 2021" The Rockbox Crew -- Privacy Policy