Menu
What's new
By:
Filters Better Search

Certain Domains Don't Resolve With DNSSec Enabled

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

H

HarryMuscle

Senior Member
I'm setting up my RT-AX86U router to use ControlD DNS servers. Everything is working great, but I noticed two domains that wouldn't resolve (theweathernetwork.com and aqueon.com) even though I'm not filtering anything. After a bit of troubleshooting, it turns out this is somehow because of DNSSec being enabled. As soon as I disable DNSSec, the domains resolve. Leaving DNSSec enabled but validating unsigned replies didn't work, it's only when I fully disable DNSSec that these domains get resolved. Any way to figure out if this is a bug on the router or on the DNS server?

Thanks,
Harry
 
HarryMuscle said:
I'm setting up my RT-AX86U router to use ControlD DNS servers. Everything is working great, but I noticed two domains that wouldn't resolve (theweathernetwork.com and aqueon.com) even though I'm not filtering anything. After a bit of troubleshooting, it turns out this is somehow because of DNSSec being enabled. As soon as I disable DNSSec, the domains resolve. Leaving DNSSec enabled but validating unsigned replies didn't work, it's only when I fully disable DNSSec that these domains get resolved. Any way to figure out if this is a bug on the router or on the DNS server?

Thanks,
Harry
Click to expand...
DNSSEC is working well with well established upstream resolver. Most likely the ControlD resolver. Your best bet is to use something other than one with gimmicks.
 
bbunge said:
DNSSEC is working well with well established upstream resolver. Most likely the ControlD resolver. Your best bet is to use something other than one with gimmicks.
Click to expand...
Yup, it's on ControlD's end. Since they filter stuff (like ads, etc) it can mess with DNSSec apparently ... I'm guessing a subdomain of the domains that weren't resolving was blocked (probably cause it's used to display ads) and that caused the main domains to not pass the DNSSec signature check.
 
You must log in or register to reply here.

Similar threads

H
Solved DNS Rebind Attack Message For Only Two Domains
Replies
4
Views
673
Viktor Jaep
Viktor Jaep
L
Is It Possible To Exclude IPv6 Data For Certain LAN IP's Using VPN Director Rules?
Replies
12
Views
2K
learning_curve
L
I
Huge Bufferbloat with ASUS RT-AX86U and installed the latest Merlin Firmware. 500mbps up/down connection
2 3 4
Replies
60
Views
22K
Ryn0
R
mmseng
Disabling "Access Intranet" on RT-AX86U guest network causes IoT devices on primary network to repeatedly disconnect
2
Replies
31
Views
3K
bennor
B
6
RT-N66U - Merlin 380.70 - DNSSEC Resolve issues -> Fixed in later versions?
Replies
4
Views
3K
64bitguy
6
Similar threads
Thread starter Title Forum Replies Date
R Script to detect backup wan and disable certain devices from internet access Asuswrt-Merlin 0
D How to restrict VPN network access to certain IP Range or Hosts for specific VPN client Asuswrt-Merlin 8
P Catch all IPs from certain port and add them to ipset list? Asuswrt-Merlin 18
M Plex on 11000 Pro - Issues with certain files Asuswrt-Merlin 5
icanfly custom domains report NXDOMAIN for IPv6 DNS and fail to resolve in Alpine OS Asuswrt-Merlin 2
J Solved OpenVPN clients can't resolve custom domains defined in dnsmasq config Asuswrt-Merlin 2
H Solved DNS Rebind Attack Message For Only Two Domains Asuswrt-Merlin 4
R Getting flooded with log entries I don't understand on my RT-AX86U Pro running 3004.388.6_2 Asuswrt-Merlin 13
D Network Services Filter - rules don't persist? Asuswrt-Merlin 13
V@no Don't show warning page when page was blocked? Asuswrt-Merlin 16

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,051 (members: 33, guests: 1,018)
Top