From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <simon@thekelleys.org.uk>
Received: from eyas.biff.org.uk (eyas.biff.org.uk [IPv6:2001:41c8:1:519c::20])
	(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
	(Client did not present a certificate)
	by huchra.bufferbloat.net (Postfix) with ESMTPS id C3DE2201B88
	for <cerowrt-devel@lists.bufferbloat.net>;
	Sun,  9 Feb 2014 13:02:29 -0800 (PST)
Received: from cl-1441.lon-02.gb.sixxs.net ([2a01:348:6:5a0::2]:47423
	helo=central.thekelleys.org.uk)
	by eyas.biff.org.uk with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:256)
	(Exim 4.80) (envelope-from <simon@thekelleys.org.uk>)
	id 1WCbWF-0001re-6N; Sun, 09 Feb 2014 21:02:27 +0000
Received: from spike.thekelleys.org.uk ([192.168.0.193])
	by central.thekelleys.org.uk with esmtpa (Exim 4.72)
	(envelope-from <simon@thekelleys.org.uk>)
	id 1WCbWC-00053o-A1; Sun, 09 Feb 2014 21:02:24 +0000
Message-ID: <52F7ECE0.7080201@thekelleys.org.uk>
Date: Sun, 09 Feb 2014 21:02:24 +0000
From: Simon Kelley <simon@thekelleys.org.uk>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
	rv:1.9.1.16) Gecko/20120726 Icedove/3.0.11
MIME-Version: 1.0
To: Dave Taht <dave.taht@gmail.com>
References: <CAA93jw4nAzXdgRq34SXssOBS_F0Jh8qfLVRMj9_0h3jv3OUrUA@mail.gmail.com>	<87a9e6xcae.fsf@alrua-x1.kau.toke.dk>	<87ob2lmqny.fsf@toke.dk>	<52F29645.6010001@thekelleys.org.uk>	<874n4dwcdb.fsf@alrua-x1.kau.toke.dk>	<52F2BA80.9010202@thekelleys.org.uk>	<87iossvgw4.fsf@alrua-x1.kau.toke.dk>	<52F369AA.5060809@thekelleys.org.uk>	<8761osv78r.fsf@alrua-x1.kau.toke.dk>	<52F371B3.5030406@thekelleys.org.uk>	<87k3d8mna8.fsf@toke.dk>	<52F3A3B2.8020201@thekelleys.org.uk>	<87ppmw7ajj.fsf@toke.dk>	<52F77349.40305@thekelleys.org.uk>	<87lhxk78pa.fsf@toke.dk>
	<CAA93jw7CvCyLxNj7KYnN9FtFxA-0u4q8JcSe73574ojjUZj4Jg@mail.gmail.com>
In-Reply-To: <CAA93jw7CvCyLxNj7KYnN9FtFxA-0u4q8JcSe73574ojjUZj4Jg@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "cerowrt-devel@lists.bufferbloat.net" <cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] Fwd: [Dnsmasq-discuss] Testers wanted: DNSSEC.
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Sun, 09 Feb 2014 21:02:30 -0000

On 09/02/14 18:04, Dave Taht wrote:
> Got the right time?

See my previous reply: the signature inception time for .dk I'm seeing 
is quite recent, so there's not much slack to play with.

>
> I have no idea how to deal with the time headache still, besides adding
> an un-validating-resolver to ntpdate, and sanity checks in dnsmasq  like
> (if system time is<  my build time, don't do dnssec) - but the latter
> is imperfect.
>
> http://www.bufferbloat.net/issues/113
>


Cheers,

Simon.