From: Toke Høiland-Jørgensen
To: Dave Taht
References: <87ppna30qx.fsf@alrua-x1.kau.toke.dk>
Date: Wed, 29 Jan 2014 23:30:34 +0100
In-Reply-To: (Dave Taht's message of "Wed, 29 Jan 2014 14:10:18 -0800")
Message-ID: <87lhxy2zg5.fsf@alrua-x1.kau.toke.dk>
Cc: dnsmasq-discuss, "cerowrt-devel@lists.bufferbloat.net"
Subject: Re: [Cerowrt-devel] coping with ipv6 source routing and dns
List-Id: Development issues regarding the cerowrt test router project

Dave Taht writes:

> Since most forwarders can't be trusted to return NXDOMAIN, an internal
> email box at several of my sites runs dns directly. A few dnsrbl
> providers offer ipv6 transport, so it's possible.

Ah, I see. I just run bind on cerowrt.
Have to set an ntp server by IP (or in /etc/hosts; I use an internal
GPS-backed server) to bootstrap, but otherwise it works well.

> One advantage of dnssec is we get NXDOMAIN working again, so a
> forwarder can be used...

Presumably only if the forwarder doesn't strip the dnssec stuff?

-Toke