[Cerowrt-devel] [Dnsmasq-discuss] Problems with DNSsec on Comcast, with Cero 3.10.38-1/DNSmasq 4-26-2014
Sebastian Moeller
moeller0 at gmx.de
Fri May 2 10:30:27 EDT 2014
Hi List, hi Dave,
On May 2, 2014, at 00:27 , Dave Taht <dave.taht at gmail.com> wrote:
> On Thu, May 1, 2014 at 1:26 PM, Rich Brown <richb.hanover at gmail.com> wrote:
>>
>> On May 1, 2014, at 2:37 PM, Simon Kelley <simon at thekelleys.org.uk> wrote:
>>
>>> On 30/04/14 18:26, Dave Taht wrote:
>>>> On Tue, Apr 29, 2014 at 1:57 PM, Phil Pennock
>>>> <cerowrt-devel+phil at spodhuis.org> wrote:
>>
>> snip, snip snip...
>>
>>>> Is the consensus to not run with negative proofs on at this juncture?
>>>
>>> If you want stuff to just work, turn off negative proofs, if you want to
>>> push the envelope, leave them on and complain to domain-admins.
>>>
>>> I had some feeling that something like this might be a problem, hence
>>> the discrete controls.
>>
>> I apologize that I haven't been following this closely, but so I'm going to ask a TL;DR question.
>>
>> Which places in the OpenWrt/CeroWrt GUI (or the config files) do I use to wiggle these levers?
>
> There is no gui support as yet. enablement is via /etc/dnsmasq.conf
>
> I disabled (commented out) the negative proof checks in the 3.10.38-2 release.
So, I installed this just now and to my amazement it directly picked up my ISP's dns servers immediately, unlike with the last two? releases I did not have to resort to google's dns servers. So this looks like the deutsche telekom setup is not ready for full dnssec (at least not when trying to use the dns server on the primary dt router...).
Best Regards
Sebastian
>
>> Thanks!
>>
>> Rich
>
>
>
> --
> Dave Täht
>
> NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
More information about the Cerowrt-devel
mailing list