[Cerowrt-devel] Full blown DNSSEC by default?

Dave Taht dave.taht at gmail.com
Sun Apr 13 10:57:18 EDT 2014

On Sun, Apr 13, 2014 at 3:05 AM, Toke Høiland-Jørgensen <toke at toke.dk> wrote:
>> Is there a "D"?
> Running a full resolver in cerowrt? I've been running a dnssec-enabled bind for some time on my boxes (prior to dnssec support in dnsmasq).

I had done  quite a few optimizations to  make  running  a full  blown
 bind9 resolver at  home pretty performant  (caching  the  roots,  for
example). I also liked  being   able to  do   full  split dns,  etc.

But:  I  got  fed  up  with doing bind for  a variety of reasons:

A) 4 CERT alerts  in  a  year,   including a  couple nasty ones
B) Too  hard to configure  even for  a wizard
C) Too  hard  to  configure  via  a  web interface
D) People  blocking the roots
E) Would  run  out of flash easily with the  jnl file

So  I  pursued  finding something  (e.g.   dnsmasq)  that  was smaller,
more  integrated,   easier  to  configure,  and  easy on  ram  and   flash.

so  that's dnsmasq  today.  It seems  more  plausible to  continue  to
 improve  dnsmasq than  it is  to dumb down bind.

I do not mind continuing  to  support  and improve optional   bind and
unbound  support for those that want to use them.

> -Toke

Dave Täht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article

More information about the Cerowrt-devel mailing list