* [Cerowrt-devel] DNSSEC and www.ietf.org @ 2015-03-30 15:52 Marc Petit-Huguenin 2015-03-30 15:58 ` Dave Taht 0 siblings, 1 reply; 12+ messages in thread From: Marc Petit-Huguenin @ 2015-03-30 15:52 UTC (permalink / raw) To: cerowrt-devel [-- Attachment #1: Type: text/plain, Size: 272 bytes --] Am I the only one who cannot access www.ietf.org since Cloudflare enabled DNSSEC? (with dnsmasq-full 2.73-3) Thanks. -- Marc Petit-Huguenin Email: marc@petit-huguenin.org Blog: http://blog.marc.petit-huguenin.org Profile: http://www.linkedin.com/in/petithug [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 819 bytes --] ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Cerowrt-devel] DNSSEC and www.ietf.org 2015-03-30 15:52 [Cerowrt-devel] DNSSEC and www.ietf.org Marc Petit-Huguenin @ 2015-03-30 15:58 ` Dave Taht 2015-03-30 16:19 ` David Personette 2015-03-30 17:49 ` [Cerowrt-devel] [Dnsmasq-discuss] " Simon Kelley 0 siblings, 2 replies; 12+ messages in thread From: Dave Taht @ 2015-03-30 15:58 UTC (permalink / raw) To: Marc Petit-Huguenin; +Cc: dnsmasq-discuss, cerowrt-devel I have trouble accessing ietf.org, also, with older versions of dnsmasq + dnssec, presently. On Mon, Mar 30, 2015 at 8:52 AM, Marc Petit-Huguenin <marc@petit-huguenin.org> wrote: > Am I the only one who cannot access www.ietf.org since Cloudflare enabled DNSSEC? (with dnsmasq-full 2.73-3) > > Thanks. > > -- > Marc Petit-Huguenin > Email: marc@petit-huguenin.org > Blog: http://blog.marc.petit-huguenin.org > Profile: http://www.linkedin.com/in/petithug > > > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel > -- Dave Täht Let's make wifi fast, less jittery and reliable again! https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Cerowrt-devel] DNSSEC and www.ietf.org 2015-03-30 15:58 ` Dave Taht @ 2015-03-30 16:19 ` David Personette 2015-03-30 17:49 ` [Cerowrt-devel] [Dnsmasq-discuss] " Simon Kelley 1 sibling, 0 replies; 12+ messages in thread From: David Personette @ 2015-03-30 16:19 UTC (permalink / raw) To: Dave Taht; +Cc: dnsmasq-discuss, cerowrt-devel [-- Attachment #1: Type: text/plain, Size: 1546 bytes --] Dave, Sorry to be pedantic, but did you mean: A) You did have the issue with older versions, and you still see that issue with those old versions. B) You did have the issue with older versions, and you also have it with the current beta version of dnsmasq. Thanks. P.S. I'd had several weeks of issues with DNSsec enabled (due to the Google issue), and disabled it about a week or two ago. -- David P. On Mon, Mar 30, 2015 at 11:58 AM, Dave Taht <dave.taht@gmail.com> wrote: > I have trouble accessing ietf.org, also, with older versions of > dnsmasq + dnssec, presently. > > On Mon, Mar 30, 2015 at 8:52 AM, Marc Petit-Huguenin > <marc@petit-huguenin.org> wrote: > > Am I the only one who cannot access www.ietf.org since Cloudflare > enabled DNSSEC? (with dnsmasq-full 2.73-3) > > > > Thanks. > > > > -- > > Marc Petit-Huguenin > > Email: marc@petit-huguenin.org > > Blog: http://blog.marc.petit-huguenin.org > > Profile: http://www.linkedin.com/in/petithug > > > > > > _______________________________________________ > > Cerowrt-devel mailing list > > Cerowrt-devel@lists.bufferbloat.net > > https://lists.bufferbloat.net/listinfo/cerowrt-devel > > > > > > -- > Dave Täht > Let's make wifi fast, less jittery and reliable again! > > https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel > [-- Attachment #2: Type: text/html, Size: 3026 bytes --] ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Cerowrt-devel] [Dnsmasq-discuss] DNSSEC and www.ietf.org 2015-03-30 15:58 ` Dave Taht 2015-03-30 16:19 ` David Personette @ 2015-03-30 17:49 ` Simon Kelley 2015-03-30 18:17 ` Marc Petit-Huguenin 1 sibling, 1 reply; 12+ messages in thread From: Simon Kelley @ 2015-03-30 17:49 UTC (permalink / raw) To: Dave Taht, Marc Petit-Huguenin; +Cc: dnsmasq-discuss, cerowrt-devel -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dnsmasq bug, should be fixed in 2.73rc3 pls shout if not. (the problem is that the clouldflare.bet zone includes the domains /003.cloudflare.net (that's ctrl-c at the start) and that was confusing dnsmasq.) Simon. On 30/03/15 16:58, Dave Taht wrote: > I have trouble accessing ietf.org, also, with older versions of > dnsmasq + dnssec, presently. > > On Mon, Mar 30, 2015 at 8:52 AM, Marc Petit-Huguenin > <marc@petit-huguenin.org> wrote: >> Am I the only one who cannot access www.ietf.org since Cloudflare >> enabled DNSSEC? (with dnsmasq-full 2.73-3) >> >> Thanks. >> >> -- Marc Petit-Huguenin Email: marc@petit-huguenin.org Blog: >> http://blog.marc.petit-huguenin.org Profile: >> http://www.linkedin.com/in/petithug >> >> >> _______________________________________________ Cerowrt-devel >> mailing list Cerowrt-devel@lists.bufferbloat.net >> https://lists.bufferbloat.net/listinfo/cerowrt-devel >> > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlUZjL4ACgkQKPyGmiibgrdYXgCfRcv1bxlH05WXnDXSBXBenBfZ 5MsAmwTzuoR4mXsDlJCb4Cxpqe6hC8uQ =8QuA -----END PGP SIGNATURE----- ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Cerowrt-devel] [Dnsmasq-discuss] DNSSEC and www.ietf.org 2015-03-30 17:49 ` [Cerowrt-devel] [Dnsmasq-discuss] " Simon Kelley @ 2015-03-30 18:17 ` Marc Petit-Huguenin 2015-03-30 18:42 ` Dave Taht 0 siblings, 1 reply; 12+ messages in thread From: Marc Petit-Huguenin @ 2015-03-30 18:17 UTC (permalink / raw) To: Simon Kelley, Dave Taht; +Cc: dnsmasq-discuss, cerowrt-devel [-- Attachment #1: Type: text/plain, Size: 1258 bytes --] On 03/30/2015 11:49 AM, Simon Kelley wrote: > Dnsmasq bug, should be fixed in 2.73rc3 pls shout if not. > > (the problem is that the clouldflare.bet zone includes the domains > /003.cloudflare.net (that's ctrl-c at the start) and that was > confusing dnsmasq.) Thanks. Dave, any chance to get a build of 2.73rc3? > > Simon. > > > > On 30/03/15 16:58, Dave Taht wrote: >> I have trouble accessing ietf.org, also, with older versions of >> dnsmasq + dnssec, presently. > >> On Mon, Mar 30, 2015 at 8:52 AM, Marc Petit-Huguenin >> <marc@petit-huguenin.org> wrote: >>> Am I the only one who cannot access www.ietf.org since Cloudflare >>> enabled DNSSEC? (with dnsmasq-full 2.73-3) >>> >>> Thanks. >>> >>> -- Marc Petit-Huguenin Email: marc@petit-huguenin.org Blog: >>> http://blog.marc.petit-huguenin.org Profile: >>> http://www.linkedin.com/in/petithug >>> >>> >>> _______________________________________________ Cerowrt-devel >>> mailing list Cerowrt-devel@lists.bufferbloat.net >>> https://lists.bufferbloat.net/listinfo/cerowrt-devel >>> > > > > > -- Marc Petit-Huguenin Email: marc@petit-huguenin.org Blog: http://blog.marc.petit-huguenin.org Profile: http://www.linkedin.com/in/petithug [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 819 bytes --] ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Cerowrt-devel] [Dnsmasq-discuss] DNSSEC and www.ietf.org 2015-03-30 18:17 ` Marc Petit-Huguenin @ 2015-03-30 18:42 ` Dave Taht 2015-04-11 15:03 ` Marc Petit-Huguenin 0 siblings, 1 reply; 12+ messages in thread From: Dave Taht @ 2015-03-30 18:42 UTC (permalink / raw) To: Marc Petit-Huguenin; +Cc: dnsmasq-discuss, cerowrt-devel for cerowrt-3.10? Really wasn't planning on it. Didn't even know there was a problem til today... for my current openwrt builds - you betcha. thursday-ish. On Mon, Mar 30, 2015 at 11:17 AM, Marc Petit-Huguenin <marc@petit-huguenin.org> wrote: > On 03/30/2015 11:49 AM, Simon Kelley wrote: >> Dnsmasq bug, should be fixed in 2.73rc3 pls shout if not. >> >> (the problem is that the clouldflare.bet zone includes the domains >> /003.cloudflare.net (that's ctrl-c at the start) and that was >> confusing dnsmasq.) > > Thanks. > > Dave, any chance to get a build of 2.73rc3? > >> >> Simon. >> >> >> >> On 30/03/15 16:58, Dave Taht wrote: >>> I have trouble accessing ietf.org, also, with older versions of >>> dnsmasq + dnssec, presently. >> >>> On Mon, Mar 30, 2015 at 8:52 AM, Marc Petit-Huguenin >>> <marc@petit-huguenin.org> wrote: >>>> Am I the only one who cannot access www.ietf.org since Cloudflare >>>> enabled DNSSEC? (with dnsmasq-full 2.73-3) >>>> >>>> Thanks. >>>> >>>> -- Marc Petit-Huguenin Email: marc@petit-huguenin.org Blog: >>>> http://blog.marc.petit-huguenin.org Profile: >>>> http://www.linkedin.com/in/petithug >>>> >>>> >>>> _______________________________________________ Cerowrt-devel >>>> mailing list Cerowrt-devel@lists.bufferbloat.net >>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel >>>> >> >> >> >> >> > > -- > Marc Petit-Huguenin > Email: marc@petit-huguenin.org > Blog: http://blog.marc.petit-huguenin.org > Profile: http://www.linkedin.com/in/petithug > -- Dave Täht Let's make wifi fast, less jittery and reliable again! https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Cerowrt-devel] [Dnsmasq-discuss] DNSSEC and www.ietf.org 2015-03-30 18:42 ` Dave Taht @ 2015-04-11 15:03 ` Marc Petit-Huguenin 2015-04-11 16:32 ` Kevin Darbyshire-Bryant 2015-04-11 16:38 ` Dave Taht 0 siblings, 2 replies; 12+ messages in thread From: Marc Petit-Huguenin @ 2015-04-11 15:03 UTC (permalink / raw) To: Dave Taht; +Cc: cerowrt-devel [-- Attachment #1: Type: text/plain, Size: 1502 bytes --] On 03/30/2015 12:42 PM, Dave Taht wrote: > for cerowrt-3.10? Really wasn't planning on it. Didn't even know there > was a problem til today... So I suppose that means that Cerowrt is now unmaintained and that I should switch to something else, because my job requires near constant access to www.ietf.org and I will not disable DNSSEC. So, what would you recommend for my WNDR3800? Thanks. > > for my current openwrt builds - you betcha. thursday-ish. > > On Mon, Mar 30, 2015 at 11:17 AM, Marc Petit-Huguenin > <marc@petit-huguenin.org> wrote: >> On 03/30/2015 11:49 AM, Simon Kelley wrote: >>> Dnsmasq bug, should be fixed in 2.73rc3 pls shout if not. >>> >>> (the problem is that the clouldflare.bet zone includes the domains >>> /003.cloudflare.net (that's ctrl-c at the start) and that was >>> confusing dnsmasq.) >> >> Thanks. >> >> Dave, any chance to get a build of 2.73rc3? >> >>> >>> Simon. >>> >>> >>> >>> On 30/03/15 16:58, Dave Taht wrote: >>>> I have trouble accessing ietf.org, also, with older versions of >>>> dnsmasq + dnssec, presently. >>> >>>> On Mon, Mar 30, 2015 at 8:52 AM, Marc Petit-Huguenin >>>> <marc@petit-huguenin.org> wrote: >>>>> Am I the only one who cannot access www.ietf.org since Cloudflare >>>>> enabled DNSSEC? (with dnsmasq-full 2.73-3) >>>>> >>>>> Thanks. >>>>> -- Marc Petit-Huguenin Email: marc@petit-huguenin.org Blog: http://blog.marc.petit-huguenin.org Profile: http://www.linkedin.com/in/petithug [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 819 bytes --] ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Cerowrt-devel] [Dnsmasq-discuss] DNSSEC and www.ietf.org 2015-04-11 15:03 ` Marc Petit-Huguenin @ 2015-04-11 16:32 ` Kevin Darbyshire-Bryant 2015-04-11 16:49 ` Dave Taht 2015-04-13 14:02 ` Marc Petit-Huguenin 2015-04-11 16:38 ` Dave Taht 1 sibling, 2 replies; 12+ messages in thread From: Kevin Darbyshire-Bryant @ 2015-04-11 16:32 UTC (permalink / raw) To: cerowrt-devel [-- Attachment #1: Type: text/plain, Size: 973 bytes --] On 11/04/2015 16:03, Marc Petit-Huguenin wrote: > On 03/30/2015 12:42 PM, Dave Taht wrote: >> for cerowrt-3.10? Really wasn't planning on it. Didn't even know there >> was a problem til today... > So I suppose that means that Cerowrt is now unmaintained and that I should switch to something else, because my job requires near constant access to www.ietf.org and I will not disable DNSSEC. > > So, what would you recommend for my WNDR3800? > > Thanks. Openwrt chaos calmer trunk (latest) as of a day ago has dnsmasq 2.73rc4 with suitable handling for DNSSEC. Certainly I've DNSSEC enabled and can browse the site you mention without obvious problem. The automatic determination of 'valid current time' and hence checking signature timestamps has an issue: The startup script uses 'touch -t 1970epoch timestampfile' to pre-create a timestamp file which slightly defeats the inbuilt dnsmasq logic...not helped by the fact '-t' is an invalid option. [-- Attachment #2: S/MIME Cryptographic Signature --] [-- Type: application/pkcs7-signature, Size: 4791 bytes --] ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Cerowrt-devel] [Dnsmasq-discuss] DNSSEC and www.ietf.org 2015-04-11 16:32 ` Kevin Darbyshire-Bryant @ 2015-04-11 16:49 ` Dave Taht 2015-04-11 19:13 ` Kevin Darbyshire-Bryant 2015-04-13 14:02 ` Marc Petit-Huguenin 1 sibling, 1 reply; 12+ messages in thread From: Dave Taht @ 2015-04-11 16:49 UTC (permalink / raw) To: Kevin Darbyshire-Bryant; +Cc: cerowrt-devel On Sat, Apr 11, 2015 at 9:32 AM, Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> wrote: > On 11/04/2015 16:03, Marc Petit-Huguenin wrote: >> On 03/30/2015 12:42 PM, Dave Taht wrote: >>> for cerowrt-3.10? Really wasn't planning on it. Didn't even know there >>> was a problem til today... >> So I suppose that means that Cerowrt is now unmaintained and that I should switch to something else, because my job requires near constant access to www.ietf.org and I will not disable DNSSEC. >> >> So, what would you recommend for my WNDR3800? >> >> Thanks. > > Openwrt chaos calmer trunk (latest) as of a day ago has dnsmasq 2.73rc4 > with suitable handling for DNSSEC. Certainly I've DNSSEC enabled and > can browse the site you mention without obvious problem. I stand corrected. I still would really like people to pound dnsmasq flat with namebench or other dns stress tests (anyone know of any? dig in a loop would also help), using a native ipv6 dns server upstream. It used to take days to trigger the bug. It may only happen on networks that have issues with edns0. > The automatic determination of 'valid current time' and hence checking > signature timestamps has an issue: The startup script uses 'touch -t > 1970epoch timestampfile' to pre-create a timestamp file which slightly > defeats the inbuilt dnsmasq logic...not helped by the fact '-t' is an > invalid option. Well, it was a more elegant solution that dnsmasq ultimately came up with than what was in cerowrt, and I figure that single character fix is a single bug report to openwrt and patch away... if someone else not getting on a plane makes it. https://www.youtube.com/watch?v=J_GciXA-6Ag > > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel > -- Dave Täht Let's make wifi fast, less jittery and reliable again! https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Cerowrt-devel] [Dnsmasq-discuss] DNSSEC and www.ietf.org 2015-04-11 16:49 ` Dave Taht @ 2015-04-11 19:13 ` Kevin Darbyshire-Bryant 0 siblings, 0 replies; 12+ messages in thread From: Kevin Darbyshire-Bryant @ 2015-04-11 19:13 UTC (permalink / raw) To: Dave Taht; +Cc: cerowrt-devel [-- Attachment #1: Type: text/plain, Size: 1690 bytes --] On 11/04/2015 17:49, Dave Taht wrote: > Openwrt chaos calmer trunk (latest) as of a day ago has dnsmasq 2.73rc4 > with suitable handling for DNSSEC. Certainly I've DNSSEC enabled and > can browse the site you mention without obvious problem. > I stand corrected. > > I still would really like people to pound dnsmasq flat with > namebench or other dns stress tests (anyone know of any? dig in a loop > would also help), using a native ipv6 dns server upstream. It used to > take days to trigger the bug. It may only happen on networks that have > issues with edns0. > >> The automatic determination of 'valid current time' and hence checking >> signature timestamps has an issue: The startup script uses 'touch -t >> 1970epoch timestampfile' to pre-create a timestamp file which slightly >> defeats the inbuilt dnsmasq logic...not helped by the fact '-t' is an >> invalid option. > Well, it was a more elegant solution that dnsmasq ultimately came up > with than what was in cerowrt, and I figure that single character fix > is a single bug report to openwrt and patch away... if someone else > not getting on a plane makes it. I shall log a ticket within 48 hours, (if it doesn't get spotted and squashed by someone else) It's not just a case of not using '-t' but rather of not trying to defeat the internal dnsmasq logic whilst fitting in with the requirement of being able to create a file as 'nobody' in a directory with a) suitable permissions and b) survives reboots, and dealing with the new secure computing changes related to procd walled gardens. There are a few things pulling in opposite directions most of which I've no clue :-) Kevin [-- Attachment #2: S/MIME Cryptographic Signature --] [-- Type: application/pkcs7-signature, Size: 4791 bytes --] ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Cerowrt-devel] [Dnsmasq-discuss] DNSSEC and www.ietf.org 2015-04-11 16:32 ` Kevin Darbyshire-Bryant 2015-04-11 16:49 ` Dave Taht @ 2015-04-13 14:02 ` Marc Petit-Huguenin 1 sibling, 0 replies; 12+ messages in thread From: Marc Petit-Huguenin @ 2015-04-13 14:02 UTC (permalink / raw) To: Kevin Darbyshire-Bryant, cerowrt-devel [-- Attachment #1: Type: text/plain, Size: 1313 bytes --] On 04/11/2015 10:32 AM, Kevin Darbyshire-Bryant wrote: > On 11/04/2015 16:03, Marc Petit-Huguenin wrote: >> On 03/30/2015 12:42 PM, Dave Taht wrote: >>> for cerowrt-3.10? Really wasn't planning on it. Didn't even know there >>> was a problem til today... >> So I suppose that means that Cerowrt is now unmaintained and that I should switch to something else, because my job requires near constant access to www.ietf.org and I will not disable DNSSEC. >> >> So, what would you recommend for my WNDR3800? >> >> Thanks. > > Openwrt chaos calmer trunk (latest) as of a day ago has dnsmasq 2.73rc4 > with suitable handling for DNSSEC. Certainly I've DNSSEC enabled and > can browse the site you mention without obvious problem. I confirm that with openwrt trunk, I am now able to securely resolve www.ietf.org. Thanks. > > The automatic determination of 'valid current time' and hence checking > signature timestamps has an issue: The startup script uses 'touch -t > 1970epoch timestampfile' to pre-create a timestamp file which slightly > defeats the inbuilt dnsmasq logic...not helped by the fact '-t' is an > invalid option. > -- Marc Petit-Huguenin Email: marc@petit-huguenin.org Blog: http://blog.marc.petit-huguenin.org Profile: http://www.linkedin.com/in/petithug [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 819 bytes --] ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Cerowrt-devel] [Dnsmasq-discuss] DNSSEC and www.ietf.org 2015-04-11 15:03 ` Marc Petit-Huguenin 2015-04-11 16:32 ` Kevin Darbyshire-Bryant @ 2015-04-11 16:38 ` Dave Taht 1 sibling, 0 replies; 12+ messages in thread From: Dave Taht @ 2015-04-11 16:38 UTC (permalink / raw) To: Marc Petit-Huguenin; +Cc: cerowrt-devel On Sat, Apr 11, 2015 at 8:03 AM, Marc Petit-Huguenin <marc@petit-huguenin.org> wrote: > On 03/30/2015 12:42 PM, Dave Taht wrote: >> for cerowrt-3.10? Really wasn't planning on it. Didn't even know there >> was a problem til today... > > So I suppose that means that Cerowrt is now unmaintained and Yes, as funding for cerowrt has never arrived, there seems to be no point in continuing. I put in several grant requests, none came through, 1, is still pending, but it is very small. I do not regard the loss of dnssec capability as worthy of updating the 3.10.50 release, particularly when it is due to a misconfiguration at cloudflare that they have not fixed either. >that I should switch to something else, because my job requires near constant access to www.ietf.org and I will not disable DNSSEC. Well it (also and ) more means that this fix to dnssec in dnsmasq are part of dnsmasq 2.73 rc3 and later, which is not in any OS that I know of at the moment, backports or not. There were also many, many other fixes to dnsmasq in rc3. There are other possible problems in dnsmasq, the most important being a longstanding infinite loop bug that may or may not be fixed. I had spun up 6 servers in the cloud to extensively test ipv6 and dnsmasq and dnssec and edns0 etc - but did not find sufficient time to tackle the problem myself and am leaving for vacation today. If anyone here wants to configure namebench to go through the alexa top 1million over and over again, using ipv6 primarily, and do other stress test benchmarks like that against r2.73c3 and later - send me your ssh keys - or please spin up your own servers in a cloud with ipv6 in it (like linode), and/or dogfood elsewhere. > So, what would you recommend for my WNDR3800? Openwrt chaos calmer. Still won't solve your problem til someone gets around to testing the patches and pushing them into openwrt. I am taking my guitar and going off to this: http://en.wikipedia.org/wiki/SpaceX_CRS-6 My backup plan, in case the internet failed, was always to get off planet. I am quite fond of the Arkyd-3. > > Thanks. > >> >> for my current openwrt builds - you betcha. thursday-ish. >> >> On Mon, Mar 30, 2015 at 11:17 AM, Marc Petit-Huguenin >> <marc@petit-huguenin.org> wrote: >>> On 03/30/2015 11:49 AM, Simon Kelley wrote: >>>> Dnsmasq bug, should be fixed in 2.73rc3 pls shout if not. >>>> >>>> (the problem is that the clouldflare.bet zone includes the domains >>>> /003.cloudflare.net (that's ctrl-c at the start) and that was >>>> confusing dnsmasq.) >>> >>> Thanks. >>> >>> Dave, any chance to get a build of 2.73rc3? >>> >>>> >>>> Simon. >>>> >>>> >>>> >>>> On 30/03/15 16:58, Dave Taht wrote: >>>>> I have trouble accessing ietf.org, also, with older versions of >>>>> dnsmasq + dnssec, presently. >>>> >>>>> On Mon, Mar 30, 2015 at 8:52 AM, Marc Petit-Huguenin >>>>> <marc@petit-huguenin.org> wrote: >>>>>> Am I the only one who cannot access www.ietf.org since Cloudflare >>>>>> enabled DNSSEC? (with dnsmasq-full 2.73-3) >>>>>> >>>>>> Thanks. >>>>>> > > -- > Marc Petit-Huguenin > Email: marc@petit-huguenin.org > Blog: http://blog.marc.petit-huguenin.org > Profile: http://www.linkedin.com/in/petithug > -- Dave Täht Let's make wifi fast, less jittery and reliable again! https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb ^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2015-04-13 14:02 UTC | newest] Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2015-03-30 15:52 [Cerowrt-devel] DNSSEC and www.ietf.org Marc Petit-Huguenin 2015-03-30 15:58 ` Dave Taht 2015-03-30 16:19 ` David Personette 2015-03-30 17:49 ` [Cerowrt-devel] [Dnsmasq-discuss] " Simon Kelley 2015-03-30 18:17 ` Marc Petit-Huguenin 2015-03-30 18:42 ` Dave Taht 2015-04-11 15:03 ` Marc Petit-Huguenin 2015-04-11 16:32 ` Kevin Darbyshire-Bryant 2015-04-11 16:49 ` Dave Taht 2015-04-11 19:13 ` Kevin Darbyshire-Bryant 2015-04-13 14:02 ` Marc Petit-Huguenin 2015-04-11 16:38 ` Dave Taht
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox