From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-vn0-x231.google.com (mail-vn0-x231.google.com [IPv6:2607:f8b0:400c:c0f::231]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 696E821F503 for ; Sat, 11 Apr 2015 09:49:52 -0700 (PDT) Received: by vnbg1 with SMTP id g1so12046768vnb.2 for ; Sat, 11 Apr 2015 09:49:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=uLGBe3MV4Risf0cQUWfsseqGoqTrClyuB6bqqgKzavo=; b=GsT3lQzQ5B7SmvBf150x4xeWIyYq9lDcaPR8QRUJFAJNFn1mSnQpLECFbgoLGyaUk0 jMDg1EIxL4JKD/7lls6MpDdIa60/eE25fNPETqdhs/M6saP/drczIYgcKmUmEQKA8YcF B9vYarfQGxB4a+jrY/XM8QUc60a6G0OQ3DmU6sey56nPne6YVsEk+s+CIrW0vrOfQ3or tYALNU9hHLK5OThPJbjphgEpV5UwX/iA0XqtTyjjIGHphu02wbVcRW65uMy7K4GR5A7t 0QjlMzVQDMQR5P+YKjL7taWfYoHOcrP57oiUg7EXs3RPaVGqnms6ZCdB0TVGvBCzp9p/ Wcng== MIME-Version: 1.0 X-Received: by 10.202.216.87 with SMTP id p84mr2325806oig.133.1428770991834; Sat, 11 Apr 2015 09:49:51 -0700 (PDT) Received: by 10.202.51.66 with HTTP; Sat, 11 Apr 2015 09:49:51 -0700 (PDT) In-Reply-To: <55294C81.9000709@darbyshire-bryant.me.uk> References: <5519712F.7030309@petit-huguenin.org> <55198CBE.1030001@thekelleys.org.uk> <55199322.9030805@petit-huguenin.org> <552937B3.10008@petit-huguenin.org> <55294C81.9000709@darbyshire-bryant.me.uk> Date: Sat, 11 Apr 2015 09:49:51 -0700 Message-ID: From: Dave Taht To: Kevin Darbyshire-Bryant Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: "cerowrt-devel@lists.bufferbloat.net" Subject: Re: [Cerowrt-devel] [Dnsmasq-discuss] DNSSEC and www.ietf.org X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Apr 2015 16:50:21 -0000 On Sat, Apr 11, 2015 at 9:32 AM, Kevin Darbyshire-Bryant wrote: > On 11/04/2015 16:03, Marc Petit-Huguenin wrote: >> On 03/30/2015 12:42 PM, Dave Taht wrote: >>> for cerowrt-3.10? Really wasn't planning on it. Didn't even know there >>> was a problem til today... >> So I suppose that means that Cerowrt is now unmaintained and that I shou= ld switch to something else, because my job requires near constant access t= o www.ietf.org and I will not disable DNSSEC. >> >> So, what would you recommend for my WNDR3800? >> >> Thanks. > > Openwrt chaos calmer trunk (latest) as of a day ago has dnsmasq 2.73rc4 > with suitable handling for DNSSEC. Certainly I've DNSSEC enabled and > can browse the site you mention without obvious problem. I stand corrected. I still would really like people to pound dnsmasq flat with namebench or other dns stress tests (anyone know of any? dig in a loop would also help), using a native ipv6 dns server upstream. It used to take days to trigger the bug. It may only happen on networks that have issues with edns0. > The automatic determination of 'valid current time' and hence checking > signature timestamps has an issue: The startup script uses 'touch -t > 1970epoch timestampfile' to pre-create a timestamp file which slightly > defeats the inbuilt dnsmasq logic...not helped by the fact '-t' is an > invalid option. Well, it was a more elegant solution that dnsmasq ultimately came up with than what was in cerowrt, and I figure that single character fix is a single bug report to openwrt and patch away... if someone else not getting on a plane makes it. https://www.youtube.com/watch?v=3DJ_GciXA-6Ag > > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel > --=20 Dave T=C3=A4ht Let's make wifi fast, less jittery and reliable again! https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb