[Cerowrt-devel] cerowrt 3.3.8-17: nice latency improvements, some issues with bind
Török Edwin
edwin+ml-cerowrt at etorok.net
Fri Aug 17 13:13:13 PDT 2012
On 08/17/2012 10:52 PM, Dave Taht wrote:
> On Fri, Aug 17, 2012 at 12:05 PM, Török Edwin
>> I was using unbound on openwrt for dnssec before and I haven't noticed this problem.
>
> How is that on memory and configurability?
It was quite easy to configure, and I didn't need to touch it since the initial setup.
I think I just followed the instructions for Debian:
http://wiki.debian.org/DNSSEC#Unbound
I've attached my unbound.conf here if you want to see what it knows. According to the config file
it should use a 4M cache by default.
I didn't measure memory usage, or do any other benchmark to compare it against bind.
>
>> However I had some .ro time servers configured, and apparently they use quite a wide range
>> for their RRSIG, so maybe I was just lucky not to hit a situation where both .ro and .org would fail to validate.
>> RRSIG NS 5 2 7200 20120819122953 20120720122953....
>> RRSIG NSEC 8 1 86400 20120824000000 20120816230000 ...
>>
>> While the .org RRSIG has quite a recent timestamp:
>> org. 900 IN RRSIG SOA 7 1 900 20120907184119 20120817174119
>>
>> Added the .ro timeservers to cerowrt now, and will see if the problem occurs again.
>
> You were lucky, and it will. openwrt/cerowrt can periodically write
> the current time to flash, but not often enough for dnssec on a fresh
> boot, and more often would be mildly bad on flash wear.
>
> I wasn't aware however that some timeservers were available that
[this sentence seems to have been cut off]
>
>>>> Another minor issue is that p910nd and luci-app-p910nd were not available via opkg install, but I found them on openwrt.org, so that works now.
Best regards,
--Edwin
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: unbound.conf
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20120817/2b3ae965/attachment.ksh>
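The validity-window problem discussed in this message, as an added example that is not part of the original post or of unbound/bind: it parses the RRSIG lines quoted above and checks a router's clock against each inception/expiration pair. The stale boot clock is a constructed value, and the check ignores any skew allowance a real validator may apply.

```python
from datetime import datetime, timezone

# RRSIG lines as quoted in the message (truncated there); only the fields up
# to the inception timestamp are needed for the time check.
QUOTED = [
    "RRSIG NS 5 2 7200 20120819122953 20120720122953",
    "RRSIG NSEC 8 1 86400 20120824000000 20120816230000",
    "org. 900 IN RRSIG SOA 7 1 900 20120907184119 20120817174119",
]
# Date header of the message (13:13:13 PDT) expressed in UTC.
MESSAGE_TIME = datetime(2012, 8, 17, 20, 13, 13, tzinfo=timezone.utc)
# Constructed example: clock restored from a timestamp saved to flash earlier.
STALE_CLOCK = datetime(2012, 8, 1, tzinfo=timezone.utc)

def _ts(field):
    # RFC 4034 presentation form: YYYYMMDDHHmmSS, always UTC.
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_rrsig(line):
    """Return (type_covered, inception, expiration) from an RRSIG line."""
    tok = line.split()
    i = tok.index("RRSIG")  # owner/TTL/class may or may not precede it
    covered, _alg, _labels, _ttl, expiration, inception = tok[i + 1:i + 7]
    return covered, _ts(inception), _ts(expiration)

def window_status(line, clock):
    """Classify a validator's clock against the signature validity window."""
    _, inception, expiration = parse_rrsig(line)
    if clock < inception:
        return "not-yet-valid"
    if clock > expiration:
        return "expired"
    return "valid"

def max_clock_lag(line, true_now):
    """How far behind true time a clock can be before the signature fails."""
    _, inception, _ = parse_rrsig(line)
    return true_now - inception

if __name__ == "__main__":
    for rr in QUOTED:
        covered = parse_rrsig(rr)[0]
        print(f"{covered:5} at stale clock: {window_status(rr, STALE_CLOCK):14}"
              f" tolerated lag: {max_clock_lag(rr, MESSAGE_TIME)}")
```

With the quoted values, the NS signature tolerates a clock about four weeks behind, while the .org SOA signature tolerates only about two and a half hours.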