From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail2.tohojo.dk (mail2.tohojo.dk [IPv6:2a01:4f8:200:3141::101]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by huchra.bufferbloat.net (Postfix) with ESMTPS id 324C121F0F0 for ; Sun, 30 Mar 2014 12:30:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at example.com Received: by alrua-x1.borgediget.toke.dk (Postfix, from userid 1000) id 57E5A1CA5B; Sun, 30 Mar 2014 21:30:02 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toke.dk; s=201310; t=1396207803; bh=Wj+9glNkft8ci7GqMnz+m/CXKA1IsEBhmbqt/GJa+Z8=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=hmFdxzx6m+LpJ1tszL9qs8Ohr4dl7tJq41uDVvNy7hX7z+Q6GezjHuk8uuODiiHKc Ivmxp61WWEBeOyA7G1qj1dIy/79Gv/pmL3FN/LIH925/uFc0D0yKW/cFoWU/3vi9Z4 mweEd6w3J8D+FBpDP0UZbWAJPbXdlay8bnvbALBE= From: =?utf-8?Q?Toke_H=C3=B8iland-J=C3=B8rgensen?= To: Dave Taht References: <532DD9DD.8040301@thekelleys.org.uk> <871txut453.fsf@alrua-x1.karlstad.toke.dk> <532DE7A8.3010504@thekelleys.org.uk> <87ppleroks.fsf@alrua-x1.karlstad.toke.dk> <53348C32.4040907@thekelleys.org.uk> <87ha6idabz.fsf@alrua-x1.karlstad.toke.dk> <53353C07.9030000@thekelleys.org.uk> <87eh1madfy.fsf@toke.dk> <533551F6.9010402@thekelleys.org.uk> <87lhvu8uqi.fsf@toke.dk> <5335E1BD.7010304@thekelleys.org.uk> <87k3bdbbt6.fsf@alrua-x1.karlstad.toke.dk> <87bnwpb7f7.fsf_-_@alrua-x1.karlstad.toke.dk> <421.1396128076@sandelman.ca> <877g7bbz5g.fsf@alrua-x1.karlstad.toke.dk> Date: Sun, 30 Mar 2014 21:30:00 +0200 In-Reply-To: <877g7bbz5g.fsf@alrua-x1.karlstad.toke.dk> ("Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen=22's?= message of "Sun, 30 Mar 2014 15:21:15 +0200") Message-ID: <87ppl3a3if.fsf@alrua-x1.karlstad.toke.dk> Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Cc: "cerowrt-devel@lists.bufferbloat.net" Subject: Re: [Cerowrt-devel] DNSSEC & NTP Bootstrapping -- prototype! X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 Mar 2014 19:30:15 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Toke H=C3=B8iland-J=C3=B8rgensen writes: > This would involve teaching the uclibc resolver about the CD bit and > expose it in the resolver API I think. Can look into how difficult > this actually is to do; with the caveat that I'm not exactly an expert > on such code :P OK, went looking at the code. As far as I can tell, it would probably be possible to teach the part of uclibc that does DNS lookups about the CD bit. However, I'm not sure there's a way to pass the request for no validation through the resolver to the right place; certainly not without entirely reworking the way ntpd does hostname lookups (and possibly other parts of the C library as well). Either way it's not something I feel up to with the time I have available for hacking on cerowrt. So I am abandoning this avenue of enquiry. I'll be happy to work on improving the dnsmasq script with the =2D-dnssec-no-timecheck parameter approach; but if it is going to be rejected in favour of a different approach I'd rather not waste any more time on it... :) =2DToke --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBCAAGBQJTOHC4AAoJEENeEGz1+utPU0oH/ivMh2sxZbylw/C1syw8OgjM YV9YkujUfILPQXG4OUjoHaBydmYw7vsF1S/4JmG8kTM0ebayhxowi+T77+CkLGY+ YuvkSgUB2iDYo9C5Jt74U/L87nYBV70JMRtPGxQDXsUa7qZlmqdc9oSLPXSVbExM kDQg/Byxy0bPz6XzlmjUw/OrI58UrQ016t6wlYqBooi22K6rnDAGofpDvgLf+orW abPHyE/dgmFg+WpyqVSEWmL//7cfTukGsdb4NcI12cW0xbJP4Ba8bi7eTAx8fekn szzL3+sxf+uXwhKxEd4LiRlpwY9bM/46jSZfmgQS0LDE5sRdptBHlnmHXyfwFwo= =jNb0 -----END PGP SIGNATURE----- --=-=-=--