From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qk0-x22e.google.com (mail-qk0-x22e.google.com [IPv6:2607:f8b0:400d:c09::22e]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 0280221F4E2 for ; Sat, 11 Apr 2015 09:38:51 -0700 (PDT) Received: by qkhg7 with SMTP id g7so86320350qkh.2 for ; Sat, 11 Apr 2015 09:38:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=DGEtdMLCO7+1xLLPKDzBZq7ANyynA/TKliT7sdk18a0=; b=d+qg0r6pROMU5eooCXWg5d98toyAqoK+P+cYC353t5xD92LXe+LrRSPT/9ovkVuT/l fgBnM0oECrJU6qeLqnxoyCSEKbQHOuq0XfYUTgcy8Lmo28DrjFcvVqRIYPbWsVF21HUB ryjuX1fqHhbWdGb83IpjkFk0T4GlxKsUQrTQbSfFaqngotLoNDgUAqK+2VgCZVtjYzxb ZSsej9APRGIl2wGkLYvbJ/UxvBapStJdiTLojTci9/Iyiv/eZO7DX0obn1X9heYUIJrK mu9822ixINrexKzb6xc5LF/my9feEEfpKseffdGu7kmzjN3V50Lnx7mKNE7z0s2GQTi2 hO1w== MIME-Version: 1.0 X-Received: by 10.202.227.130 with SMTP id a124mr2334082oih.59.1428770330347; Sat, 11 Apr 2015 09:38:50 -0700 (PDT) Received: by 10.202.51.66 with HTTP; Sat, 11 Apr 2015 09:38:50 -0700 (PDT) In-Reply-To: <552937B3.10008@petit-huguenin.org> References: <5519712F.7030309@petit-huguenin.org> <55198CBE.1030001@thekelleys.org.uk> <55199322.9030805@petit-huguenin.org> <552937B3.10008@petit-huguenin.org> Date: Sat, 11 Apr 2015 09:38:50 -0700 Message-ID: From: Dave Taht To: Marc Petit-Huguenin Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: "cerowrt-devel@lists.bufferbloat.net" Subject: Re: [Cerowrt-devel] [Dnsmasq-discuss] DNSSEC and www.ietf.org X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Apr 2015 16:39:20 -0000 On Sat, Apr 11, 2015 at 8:03 AM, Marc Petit-Huguenin wrote: > On 03/30/2015 12:42 PM, Dave Taht wrote: >> for cerowrt-3.10? Really wasn't planning on it. Didn't even know there >> was a problem til today... > > So I suppose that means that Cerowrt is now unmaintained and Yes, as funding for cerowrt has never arrived, there seems to be no point in continuing. I put in several grant requests, none came through, 1, is still pending, but it is very small. I do not regard the loss of dnssec capability as worthy of updating the 3.10.50 release, particularly when it is due to a misconfiguration at cloudflare that they have not fixed either. >that I should switch to something else, because my job requires near const= ant access to www.ietf.org and I will not disable DNSSEC. Well it (also and ) more means that this fix to dnssec in dnsmasq are part of dnsmasq 2.73 rc3 and later, which is not in any OS that I know of at the moment, backports or not. There were also many, many other fixes to dnsmasq in rc3. There are other possible problems in dnsmasq, the most important being a longstanding infinite loop bug that may or may not be fixed. I had spun up 6 servers in the cloud to extensively test ipv6 and dnsmasq and dnssec and edns0 etc - but did not find sufficient time to tackle the problem myself and am leaving for vacation today. If anyone here wants to configure namebench to go through the alexa top 1million over and over again, using ipv6 primarily, and do other stress test benchmarks like that against r2.73c3 and later - send me your ssh keys - or please spin up your own servers in a cloud with ipv6 in it (like linode), and/or dogfood elsewhere. > So, what would you recommend for my WNDR3800? Openwrt chaos calmer. Still won't solve your problem til someone gets around to testing the patches and pushing them into openwrt. I am taking my guitar and going off to this: http://en.wikipedia.org/wiki/SpaceX_CRS-6 My backup plan, in case the internet failed, was always to get off planet. I am quite fond of the Arkyd-3. > > Thanks. > >> >> for my current openwrt builds - you betcha. thursday-ish. >> >> On Mon, Mar 30, 2015 at 11:17 AM, Marc Petit-Huguenin >> wrote: >>> On 03/30/2015 11:49 AM, Simon Kelley wrote: >>>> Dnsmasq bug, should be fixed in 2.73rc3 pls shout if not. >>>> >>>> (the problem is that the clouldflare.bet zone includes the domains >>>> /003.cloudflare.net (that's ctrl-c at the start) and that was >>>> confusing dnsmasq.) >>> >>> Thanks. >>> >>> Dave, any chance to get a build of 2.73rc3? >>> >>>> >>>> Simon. >>>> >>>> >>>> >>>> On 30/03/15 16:58, Dave Taht wrote: >>>>> I have trouble accessing ietf.org, also, with older versions of >>>>> dnsmasq + dnssec, presently. >>>> >>>>> On Mon, Mar 30, 2015 at 8:52 AM, Marc Petit-Huguenin >>>>> wrote: >>>>>> Am I the only one who cannot access www.ietf.org since Cloudflare >>>>>> enabled DNSSEC? (with dnsmasq-full 2.73-3) >>>>>> >>>>>> Thanks. >>>>>> > > -- > Marc Petit-Huguenin > Email: marc@petit-huguenin.org > Blog: http://blog.marc.petit-huguenin.org > Profile: http://www.linkedin.com/in/petithug > --=20 Dave T=C3=A4ht Let's make wifi fast, less jittery and reliable again! https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb