[Cerowrt-devel] [Dnsmasq-discuss] DNSSEC and www.ietf.org

Dave Taht dave.taht at gmail.com
Sat Apr 11 12:38:50 EDT 2015

On Sat, Apr 11, 2015 at 8:03 AM, Marc Petit-Huguenin
<marc at petit-huguenin.org> wrote:
> On 03/30/2015 12:42 PM, Dave Taht wrote:
>> for cerowrt-3.10? Really wasn't planning on it. Didn't even know there
>> was a problem til today...
> So I suppose that means that Cerowrt is now unmaintained and

Yes, as funding for cerowrt has never arrived, there seems to be no
point in continuing. I put in several grant requests, none came
through, 1, is still pending, but it is very small.

I do not regard the loss of dnssec capability as worthy of updating
the 3.10.50 release, particularly when it is due to a misconfiguration
at cloudflare that they have not fixed either.

>that I should switch to something else, because my job requires near constant access to www.ietf.org and I will not disable DNSSEC.

Well it (also and ) more means that this fix to dnssec in dnsmasq are
part of dnsmasq 2.73 rc3 and later, which is not in any OS that I know
of at the moment, backports or not. There were also many, many other
fixes to dnsmasq in rc3.

There are other possible problems in dnsmasq, the most important being
a longstanding infinite loop bug that may or may not be fixed. I had
spun up 6 servers in the cloud to extensively test ipv6 and dnsmasq
and dnssec and edns0 etc - but did not find sufficient time to tackle
the problem myself and am leaving for vacation today.

If anyone here wants to configure namebench to go through the alexa
top 1million over and over again, using ipv6 primarily, and do other
stress test benchmarks like that against r2.73c3 and later - send me
your ssh keys - or please spin up your own servers in a cloud with
ipv6 in it (like linode), and/or dogfood elsewhere.

> So, what would you recommend for my WNDR3800?

Openwrt chaos calmer. Still won't solve your problem til someone gets
around to testing the patches and pushing them into openwrt.

I am taking my guitar and going off to this:


My backup plan, in case the internet failed, was always to get off planet.

I am quite fond of the Arkyd-3.

> Thanks.
>> for my current openwrt builds - you betcha. thursday-ish.
>> On Mon, Mar 30, 2015 at 11:17 AM, Marc Petit-Huguenin
>> <marc at petit-huguenin.org> wrote:
>>> On 03/30/2015 11:49 AM, Simon Kelley wrote:
>>>> Dnsmasq bug, should be fixed in 2.73rc3 pls shout if not.
>>>> (the problem is that the clouldflare.bet zone includes the domains
>>>> /003.cloudflare.net (that's ctrl-c at the start) and that was
>>>> confusing dnsmasq.)
>>> Thanks.
>>> Dave, any chance to get a build of 2.73rc3?
>>>> Simon.
>>>> On 30/03/15 16:58, Dave Taht wrote:
>>>>> I have trouble accessing ietf.org, also, with older versions of
>>>>> dnsmasq + dnssec, presently.
>>>>> On Mon, Mar 30, 2015 at 8:52 AM, Marc Petit-Huguenin
>>>>> <marc at petit-huguenin.org> wrote:
>>>>>> Am I the only one who cannot access www.ietf.org since Cloudflare
>>>>>> enabled DNSSEC? (with dnsmasq-full 2.73-3)
>>>>>> Thanks.
> --
> Marc Petit-Huguenin
> Email: marc at petit-huguenin.org
> Blog: http://blog.marc.petit-huguenin.org
> Profile: http://www.linkedin.com/in/petithug

Dave Täht
Let's make wifi fast, less jittery and reliable again!


More information about the Cerowrt-devel mailing list