...because at the time I negotiated the SuperHub 5 when they suddenly deactivated my SuperHub 3 with no notice, I wasn't flush with cash and I expected a brand new device to you know, work. My AX3000 has been in Access Point mode providing wireless for the rear of the house.

Honestly I expected more after all the previous problems with Virgin router firmwares and chipsets, I thought they would have learnt better by now, this SH5 doesn't even passthru DHCP requests to my server for approximately half of my Android devices on wireless, I have to specify their IPs manually, wth is that about?

My personal finances and choice of network topology are irrelevant though.

Your wild supposition doesn't really answer why the sudden changes after years of successful usage on a SH3 and SH5, it would be more realistic to assume a policy change.

They are very successfully implementing court ordered blocks to domains such as TPB, etc... I really don't understand why we should have even less privacy with DNSSEC being blocked (arguably as important to the future of a secure internet as SPF and SenderID is to reducing spam email, DNSSEC is going to see much more common usage, it's not just for nerds now, quite a few OSes/devices have it baked in now).

I assume it's a method to force standard DNS usage which can be harvested quite trivially (even using non VM DNS) without having to invest in deep packet inspection to log our browsing habits.

Well I bought another AX3000 now, DNSSEC problem resolved, DHCP problem resolved, faster wireless, faster speedtests, more control.

I was dumb to get my hopes up about the SH5.

It was also a blast during this fault finding process to find I couldn't get through to technical support on the phone until I have payed an invoice that isn't due until the 15th of September... stay classy Virgin.

"Your wild supposition" was a reply to legacy1 if you see the header of the post as he took a stab of guestimating the process.

I've been a sysadmin for 20 years mate, I wasn't disrespecting you, there's only so much we can infer by packet sniffing, etc. Suffice to say, non of us have written this god awful firmware originally developed for the US market (where they love to sniff your traffic for profit and LEA) before the thing was rebranded and had a new shell slapped on it and deployed it on an underpowered chipset and none of us can fathom the spaghetti logic implemented.

Regarding asking for a SH5, I simply needed a new router after they refused to let me use a SH2 (I misspoke when I said SH3, I refused to touch that trash after the whole Puma chipset, jitter issues) anymore and needed half decent wireless, my fault for expecting it to be feature complete.

None of this explains why I used to be able to use DNSSEC and it's suddenly stopped working, I configured the thing week one, seven months ago and have barely touched it since, for it to suddenly change seems nefarious as there are plenty of reasons for preventing DNSSEC that benefit VM.