[Cerowrt-devel] [Dnsmasq-discuss] DNSSEC and www.ietf.org

Marc Petit-Huguenin marc at petit-huguenin.org
Mon Apr 13 10:02:48 EDT 2015


On 04/11/2015 10:32 AM, Kevin Darbyshire-Bryant wrote:
> On 11/04/2015 16:03, Marc Petit-Huguenin wrote:
>> On 03/30/2015 12:42 PM, Dave Taht wrote:
>>> for cerowrt-3.10? Really wasn't planning on it. Didn't even know there
>>> was a problem til today...
>> So I suppose that means that Cerowrt is now unmaintained and that I should switch to something else, because my job requires near constant access to www.ietf.org and I will not disable DNSSEC.
>>
>> So, what would you recommend for my WNDR3800?
>>
>> Thanks.
> 
> Openwrt chaos calmer trunk (latest) as of a day ago has dnsmasq 2.73rc4
> with suitable handling for DNSSEC.   Certainly I've DNSSEC enabled and
> can browse the site you mention without obvious problem.

I confirm that with openwrt trunk, I am now able to securely resolve www.ietf.org.

Thanks.

> 
> The automatic determination of 'valid current time' and hence checking
> signature timestamps has an issue:  The startup script uses 'touch -t
> 1970epoch timestampfile' to pre-create a timestamp file which slightly
> defeats the inbuilt dnsmasq logic...not helped by the fact '-t' is an
> invalid option.
> 


-- 
Marc Petit-Huguenin
Email: marc at petit-huguenin.org
Blog: http://blog.marc.petit-huguenin.org
Profile: http://www.linkedin.com/in/petithug

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20150413/547b6240/attachment.sig>


More information about the Cerowrt-devel mailing list