From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-1" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 050E221F261 for ; Fri, 2 May 2014 07:30:38 -0700 (PDT) Received: from hms-beagle.home.lan ([217.86.120.237]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0MbaS9-1WPWZk3fFN-00IzdT; Fri, 02 May 2014 16:30:30 +0200 Content-Type: text/plain; charset=iso-8859-1 Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) From: Sebastian Moeller In-Reply-To: Date: Fri, 2 May 2014 16:30:27 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: <8AF179A3-6AD7-4241-BDFA-7DB4B11EA84C@gmx.de> References: <535EACCB.7090104@thekelleys.org.uk> <20140428232459.GA55372@redoubt.spodhuis.org> <535FA793.8020502@thekelleys.org.uk> <20140429205757.GA70801@redoubt.spodhuis.org> <53629461.6020500@thekelleys.org.uk> To: Dave Taht X-Mailer: Apple Mail (2.1510) X-Provags-ID: V03:K0:UFTQzjgft9t6KM4IIlVdeHJbhpOx01XJX6H9auXMtDWygk4bZs2 AfPAALbj3BElGVS3nd+lj7J4YqH5G+sYvyuKBb6o7xb2g1vKs8Ogy8DvkdfAnTSsV/eVnPX K3Uc0TNAWJKOLt1c8T+Btk/EUfrfcxPeEyb046Ir8BYiMQSlstXqZUYj4yKj70wjtfY3YQL rzsHLVmjIu7E8+uG1LMpA== Cc: dnsmasq-discuss , "cerowrt-devel@lists.bufferbloat.net" Subject: Re: [Cerowrt-devel] [Dnsmasq-discuss] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014 X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 May 2014 14:30:39 -0000 Hi List, hi Dave, On May 2, 2014, at 00:27 , Dave Taht wrote: > On Thu, May 1, 2014 at 1:26 PM, Rich Brown = wrote: >>=20 >> On May 1, 2014, at 2:37 PM, Simon Kelley = wrote: >>=20 >>> On 30/04/14 18:26, Dave Taht wrote: >>>> On Tue, Apr 29, 2014 at 1:57 PM, Phil Pennock >>>> wrote: >>=20 >> snip, snip snip... >>=20 >>>> Is the consensus to not run with negative proofs on at this = juncture? >>>=20 >>> If you want stuff to just work, turn off negative proofs, if you = want to >>> push the envelope, leave them on and complain to domain-admins. >>>=20 >>> I had some feeling that something like this might be a problem, = hence >>> the discrete controls. >>=20 >> I apologize that I haven't been following this closely, but so I'm = going to ask a TL;DR question. >>=20 >> Which places in the OpenWrt/CeroWrt GUI (or the config files) do I = use to wiggle these levers? >=20 > There is no gui support as yet. enablement is via /etc/dnsmasq.conf >=20 > I disabled (commented out) the negative proof checks in the 3.10.38-2 = release. So, I installed this just now and to my amazement it directly = picked up my ISP's dns servers immediately, unlike with the last two? = releases I did not have to resort to google's dns servers. So this looks = like the deutsche telekom setup is not ready for full dnssec (at least = not when trying to use the dns server on the primary dt router...).=20 Best Regards Sebastian >=20 >> Thanks! >>=20 >> Rich >=20 >=20 >=20 > --=20 > Dave T=E4ht >=20 > NSFW: = https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indec= ent.article > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel