[Cerowrt-devel] [Dnsmasq-discuss] DNSSEC and www.ietf.org

Kevin Darbyshire-Bryant kevin at darbyshire-bryant.me.uk
Sat Apr 11 12:32:01 EDT 2015

On 11/04/2015 16:03, Marc Petit-Huguenin wrote:
> On 03/30/2015 12:42 PM, Dave Taht wrote:
>> for cerowrt-3.10? Really wasn't planning on it. Didn't even know there
>> was a problem til today...
> So I suppose that means that Cerowrt is now unmaintained and that I should switch to something else, because my job requires near constant access to www.ietf.org and I will not disable DNSSEC.
> So, what would you recommend for my WNDR3800?
> Thanks.

Openwrt chaos calmer trunk (latest) as of a day ago has dnsmasq 2.73rc4
with suitable handling for DNSSEC.   Certainly I've DNSSEC enabled and
can browse the site you mention without obvious problem.

The automatic determination of 'valid current time' and hence checking
signature timestamps has an issue:  The startup script uses 'touch -t
1970epoch timestampfile' to pre-create a timestamp file which slightly
defeats the inbuilt dnsmasq logic...not helped by the fact '-t' is an
invalid option.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4791 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20150411/b51cf9e9/attachment-0002.bin>

More information about the Cerowrt-devel mailing list