On 04/11/2015 10:32 AM, Kevin Darbyshire-Bryant wrote: > On 11/04/2015 16:03, Marc Petit-Huguenin wrote: >> On 03/30/2015 12:42 PM, Dave Taht wrote: >>> for cerowrt-3.10? Really wasn't planning on it. Didn't even know there >>> was a problem til today... >> So I suppose that means that Cerowrt is now unmaintained and that I should >> switch to something else, because my job requires near constant access to >> www.ietf.org and I will not disable DNSSEC. >> >> So, what would you recommend for my WNDR3800? >> >> Thanks. > > Openwrt chaos calmer trunk (latest) as of a day ago has dnsmasq 2.73rc4 > with suitable handling for DNSSEC. Certainly I've DNSSEC enabled and > can browse the site you mention without obvious problem.
I confirm that with openwrt trunk, I am now able to securely resolve www.ietf.org. Thanks. > > The automatic determination of 'valid current time' and hence checking > signature timestamps has an issue: The startup script uses 'touch -t > 1970epoch timestampfile' to pre-create a timestamp file which slightly > defeats the inbuilt dnsmasq logic...not helped by the fact '-t' is an > invalid option. > -- Marc Petit-Huguenin Email: [email protected] Blog: http://blog.marc.petit-huguenin.org Profile: http://www.linkedin.com/in/petithug
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Cerowrt-devel mailing list [email protected] https://lists.bufferbloat.net/listinfo/cerowrt-devel
