From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-we0-x22a.google.com (mail-we0-x22a.google.com [IPv6:2a00:1450:400c:c03::22a]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id C681B20175A for ; Sun, 30 Mar 2014 13:06:31 -0700 (PDT) Received: by mail-we0-f170.google.com with SMTP id w61so4021005wes.29 for ; Sun, 30 Mar 2014 13:06:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=6lLfNWQREcLLSi9bp1LzrbLUlQGBaPepyTCewHBrQFA=; b=NXhxoxDevTQ0r+Y20CHxwULM7LnRFF5FznMdC1Y4+GGfRdFtHQaxt7hLV3Et01dkyk x8gAixOaQNppRWzwyd3QWoeRGTINBFRHOCM+2gHo6yUoYTERXu3935egxLpZx+S8q4Tz FOvdAZ6ZQvXwCoW++Z2lfA63sENzCOjs8XuhExbLZfWRse7RY3EW/Yzf8veslUNdhaNc wGwSmHohe5PIZeOgU1t0HRpwcTjZeJqmkM/S8ac3IrecaMymgMr2PPv+wDo6ji516DXn pWWV1FTZi0Jj50Hhmf1ABwP9xMLnn+iYaHzFGasfamPLKKK6XNn8eir3aV88P2TUHy2I oesw== MIME-Version: 1.0 X-Received: by 10.180.37.178 with SMTP id z18mr7235455wij.46.1396209989529; Sun, 30 Mar 2014 13:06:29 -0700 (PDT) Received: by 10.216.8.1 with HTTP; Sun, 30 Mar 2014 13:06:29 -0700 (PDT) In-Reply-To: <87ppl3a3if.fsf@alrua-x1.karlstad.toke.dk> References: <532DD9DD.8040301@thekelleys.org.uk> <871txut453.fsf@alrua-x1.karlstad.toke.dk> <532DE7A8.3010504@thekelleys.org.uk> <87ppleroks.fsf@alrua-x1.karlstad.toke.dk> <53348C32.4040907@thekelleys.org.uk> <87ha6idabz.fsf@alrua-x1.karlstad.toke.dk> <53353C07.9030000@thekelleys.org.uk> <87eh1madfy.fsf@toke.dk> <533551F6.9010402@thekelleys.org.uk> <87lhvu8uqi.fsf@toke.dk> <5335E1BD.7010304@thekelleys.org.uk> <87k3bdbbt6.fsf@alrua-x1.karlstad.toke.dk> <87bnwpb7f7.fsf_-_@alrua-x1.karlstad.toke.dk> <421.1396128076@sandelman.ca> <877g7bbz5g.fsf@alrua-x1.karlstad.toke.dk> <87ppl3a3if.fsf@alrua-x1.karlstad.toke.dk> Date: Sun, 30 Mar 2014 13:06:29 -0700 Message-ID: From: Dave Taht To: =?ISO-8859-1?Q?Toke_H=F8iland=2DJ=F8rgensen?= Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: "cerowrt-devel@lists.bufferbloat.net" Subject: Re: [Cerowrt-devel] DNSSEC & NTP Bootstrapping -- prototype! X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 Mar 2014 20:06:32 -0000 On Sun, Mar 30, 2014 at 12:30 PM, Toke H=F8iland-J=F8rgensen = wrote: > Toke H=F8iland-J=F8rgensen writes: > >> This would involve teaching the uclibc resolver about the CD bit and >> expose it in the resolver API I think. Can look into how difficult >> this actually is to do; with the caveat that I'm not exactly an expert >> on such code :P > > OK, went looking at the code. As far as I can tell, it would probably be > possible to teach the part of uclibc that does DNS lookups about the CD > bit. However, I'm not sure there's a way to pass the request for no Only thing I can think of that makes some sense at the moment is doing a stubby resolver in ntp itself. > validation through the resolver to the right place; certainly not There isn't. Arguably there should have been a flag added to getaddrinfo ages ago... > without entirely reworking the way ntpd does hostname lookups (and > possibly other parts of the C library as well). Either way it's not Not today then. :) > something I feel up to with the time I have available for hacking on > cerowrt. So I am abandoning this avenue of enquiry. So far fixing this dependency has eluded dnssec implementers for 12 years. > I'll be happy to work on improving the dnsmasq script with the > --dnssec-no-timecheck parameter approach; but if it is going to be > rejected in favour of a different approach I'd rather not waste any more > time on it... :) Please push the script into the cerowrt repo for further testing. > -Toke --=20 Dave T=E4ht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.= html