[Cerowrt-devel] [Dnsmasq-discuss] DNSSEC and www.ietf.org
Dave Taht
dave.taht at gmail.com
Sat Apr 11 12:49:51 EDT 2015
On Sat, Apr 11, 2015 at 9:32 AM, Kevin Darbyshire-Bryant
<kevin at darbyshire-bryant.me.uk> wrote:
> On 11/04/2015 16:03, Marc Petit-Huguenin wrote:
>> On 03/30/2015 12:42 PM, Dave Taht wrote:
>>> for cerowrt-3.10? Really wasn't planning on it. Didn't even know there
>>> was a problem til today...
>> So I suppose that means that Cerowrt is now unmaintained and that I should switch to something else, because my job requires near constant access to www.ietf.org and I will not disable DNSSEC.
>>
>> So, what would you recommend for my WNDR3800?
>>
>> Thanks.
>
> Openwrt chaos calmer trunk (latest) as of a day ago has dnsmasq 2.73rc4
> with suitable handling for DNSSEC. Certainly I've DNSSEC enabled and
> can browse the site you mention without obvious problem.
I stand corrected.
I still would really like people to pound dnsmasq flat with
namebench or other dns stress tests (anyone know of any? dig in a loop
would also help), using a native ipv6 dns server upstream. It used to
take days to trigger the bug. It may only happen on networks that have
issues with edns0.
> The automatic determination of 'valid current time' and hence checking
> signature timestamps has an issue: The startup script uses 'touch -t
> 1970epoch timestampfile' to pre-create a timestamp file which slightly
> defeats the inbuilt dnsmasq logic...not helped by the fact '-t' is an
> invalid option.
Well, it was a more elegant solution that dnsmasq ultimately came up
with than what was in cerowrt, and I figure that single character fix
is a single bug report to openwrt and patch away... if someone else
not getting on a plane makes it.
https://www.youtube.com/watch?v=J_GciXA-6Ag
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
--
Dave Täht
Let's make wifi fast, less jittery and reliable again!
https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb
More information about the Cerowrt-devel
mailing list