[Cerowrt-devel] DNSSEC & NTP Bootstrapping -- prototype!
Dave Taht
dave.taht at gmail.com
Sun Mar 30 16:06:29 EDT 2014
On Sun, Mar 30, 2014 at 12:30 PM, Toke Høiland-Jørgensen <toke at toke.dk> wrote:
> Toke Høiland-Jørgensen <toke at toke.dk> writes:
>
>> This would involve teaching the uclibc resolver about the CD bit and
>> expose it in the resolver API I think. Can look into how difficult
>> this actually is to do; with the caveat that I'm not exactly an expert
>> on such code :P
>
> OK, went looking at the code. As far as I can tell, it would probably be
> possible to teach the part of uclibc that does DNS lookups about the CD
> bit. However, I'm not sure there's a way to pass the request for no
Only thing I can think of that makes some sense at the moment is
doing a stubby resolver in ntp itself.
> validation through the resolver to the right place; certainly not
There isn't. Arguably there should have been a flag added to getaddrinfo
ages ago...
> without entirely reworking the way ntpd does hostname lookups (and
> possibly other parts of the C library as well). Either way it's not
Not today then. :)
> something I feel up to with the time I have available for hacking on
> cerowrt. So I am abandoning this avenue of enquiry.
So far fixing this dependency has eluded dnssec implementers for 12 years.
> I'll be happy to work on improving the dnsmasq script with the
> --dnssec-no-timecheck parameter approach; but if it is going to be
> rejected in favour of a different approach I'd rather not waste any more
> time on it... :)
Please push the script into the cerowrt repo for further testing.
> -Toke
--
Dave Täht
Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
More information about the Cerowrt-devel
mailing list