From: Marc Petit-Huguenin
To: Kevin Darbyshire-Bryant, cerowrt-devel@lists.bufferbloat.net
Date: Mon, 13 Apr 2015 08:02:48 -0600
Subject: Re: [Cerowrt-devel] [Dnsmasq-discuss] DNSSEC and www.ietf.org
Message-ID: <552BCC88.3000908@petit-huguenin.org>
In-Reply-To: <55294C81.9000709@darbyshire-bryant.me.uk>
List-Id: Development issues regarding the cerowrt test router project

On 04/11/2015 10:32 AM, Kevin Darbyshire-Bryant wrote:
> On 11/04/2015 16:03, Marc Petit-Huguenin wrote:
>> On 03/30/2015 12:42 PM, Dave Taht wrote:
>>> for cerowrt-3.10?
>>> Really wasn't planning on it. Didn't even know there was a problem til today...
>> So I suppose that means that Cerowrt is now unmaintained and that I should switch to something else, because my job requires near constant access to www.ietf.org and I will not disable DNSSEC.
>>
>> So, what would you recommend for my WNDR3800?
>>
>> Thanks.
>
> Openwrt chaos calmer trunk (latest) as of a day ago has dnsmasq 2.73rc4
> with suitable handling for DNSSEC. Certainly I've DNSSEC enabled and
> can browse the site you mention without obvious problem.

I confirm that with openwrt trunk, I am now able to securely resolve www.ietf.org.

Thanks.

>
> The automatic determination of 'valid current time' and hence checking
> signature timestamps has an issue: The startup script uses 'touch -t
> 1970epoch timestampfile' to pre-create a timestamp file which slightly
> defeats the inbuilt dnsmasq logic...not helped by the fact '-t' is an
> invalid option.
>

--
Marc Petit-Huguenin
Email: marc@petit-huguenin.org
Blog: http://blog.marc.petit-huguenin.org
Profile: http://www.linkedin.com/in/petithug