On Mon, 15 Sep 2008, Ray.Bellis@nominet.org.uk wrote:
In summary (based on 24 tested units):
"... we conclude that just 6 units (25%) operate with full DNSSEC compatibility "out of the box." 9 units (37%) can be reconfigured to bypass DNS proxy incompatibilities. Unfortunately, the rest (38%) lack reconfigurable DHCP DNS parameters, making it harder for LAN clients to bypass their interference with DNSSEC use.
Wow. So nothing much changed in almost a year, when this issue was first found by .SE. I was hoping that modern DSL/wifi routers which supports 802.11n would have had fixed their firmware by now.
These findings, their potential impact on DNSSEC use by broadband consumers, and implications for router/firewall manufacturers, are presented and analyzed in this report. "
The report is excellent. Thank you very much for sharing it with us. I have two questions. 1) Vendor actions What are the vendor status and/or responses? Were they contacted? did they respond? Are they planning updates? 2) base OS? Is there a similarity in these firmwares? eg are they using the same DNS software inside? Perhaps the vendors are not the people we should be talking to? For instance, many Linux based routers use the "dnsmasq" software. Depending on its status, it might be worth contacting the upstream software provider of the commercial router vendors. Paul