From: Dave Taht
To: David Personette
Cc: "cerowrt-devel@lists.bufferbloat.net"
Date: Wed, 19 Feb 2014 11:43:48 -0500
Subject: [Cerowrt-devel] dnssec by default and other stories from the bleeding edge

-1) The package repos have all moved on github...
This will break everybody building cerowrt themselves and get them to
pay attention.

0) I'm having some trouble with default routes

1) The 3.10.28-12 non-release has dnssec enabled by default.
(I think - see /etc/dnsmasq.conf)

A concern of mine has long been that this is going to break in some
scenarios, notably with broken forwarders.

From my perspective, having it on by default ensures it gets tested. If you
have dns issues (notably with getting time or other queries), you can turn
it off by commenting it out in that file.

I also kind of expect bug #113 to recur... a hook to turn off dnssec at
boot, and turn it on after time is obtained might be useful.
(openwrt ntp supports a script to run after it starts, I think)

Otherwise, leave it on and enjoy the glory of ad-free NXDOMAIN results.

There is still no NSEC3 support, I am not sure how much that matters.

2) There are some other fixes pending to deal with source specific routing,
multiple providers, and multiple dns upstreams, which require tight
dnsmasq and netifd integration and the retirement of resolv.conf.auto.

3) the bcp38 code does not look like I'll get a chance to finish it
any time soon. I have a proof of concept in github, and a start at a
script in ceropackages. Needed is a hook to insert/delete firewall rules
at the right time and sense if the external interface is double natted.
(help wanted)

4) next up is to get a reproducible build, and fix package signing.

5) There are still a few instruction traps in 3.10.28-12 in odhcpd,
those were fixed last night but haven't made it to openwrt yet.

6) I think wifi can be tuned up a bit to behave better under rrul.

Anything else I should care about?

progress!

-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
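
The boot-time hook suggested in item 1, sketched as an added example that is not part of the original message or of CeroWrt's code: DNSSEC signatures carry validity times, so a router that boots with an unset clock fails validation and then cannot resolve its NTP servers. The function names, the clock floor and the sample config are assumptions; answers resolved while validation is off are unauthenticated, so that window should be kept short.

```shell
#!/bin/sh
# Added example (not from the original message). Function names, the clock
# floor and the sample config are assumptions; "dnssec" and
# "dnssec-check-unsigned" are real dnsmasq options.

CLOCK_FLOOR=1388534400   # 2014-01-01 00:00:00 UTC; earlier means "clock not set"

# clock_plausible [epoch]: true if the given (default: current) time is sane.
clock_plausible() {
    now="${1:-$(date +%s)}"
    [ "$now" -ge "$CLOCK_FLOOR" ]
}

# make_sample_conf <path>: write a constructed dnsmasq.conf fragment.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not the real CeroWrt file
domain-needed
dnssec
dnssec-check-unsigned
cache-size=1000
EOF
}

# set_dnssec <conf> on|off: (un)comment only the validation directives.
# Returns 0 if the file changed, 1 if it was already in that state.
set_dnssec() {
    conf="$1"; tmp="$conf.tmp.$$"
    pat='dnssec\(-check-unsigned\)\{0,1\}'
    case "$2" in
        off) sed "s/^[[:space:]]*\($pat\)[[:space:]]*\$/#\1/" "$conf" > "$tmp" ;;
        on)  sed "s/^#[[:space:]]*\($pat\)[[:space:]]*\$/\1/" "$conf" > "$tmp" ;;
        *)   echo "usage: set_dnssec <conf> on|off" >&2; return 2 ;;
    esac
    if cmp -s "$conf" "$tmp"; then rm -f "$tmp"; return 1; fi
    cat "$tmp" > "$conf"; rm -f "$tmp"   # rewrite in place, keeps owner/mode
}

# dnssec_hook <conf> [epoch]: validation off while the clock is unset, on once
# it is plausible. Prints "<state> changed|unchanged"; the caller restarts
# dnsmasq only on "changed".
dnssec_hook() {
    if clock_plausible "$2"; then want=on; else want=off; fi
    if set_dnssec "$1" "$want"; then echo "$want changed"; else echo "$want unchanged"; fi
}
```

Run `dnssec_hook /etc/dnsmasq.conf` once early in boot and again from whatever runs after time sync, restarting dnsmasq when it reports "changed".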