On 2013-09-10, at 17:59, Olafur Gudmundsson o...@ogud.com wrote:
[cc'ed to a more approriate IETF wg]
... and I'll gratuitously mention draft-jabley-dnsop-validator-bootstrap here
too, since it addresses exactly this topic.
Joe
___
DNSOP mailing
On 11/09/2013 09:59, Olafur Gudmundsson wrote:
...
My colleagues and I worked on OpenWrt routers to get Unbound to work there,
what you need to do is to start DNS up in non-validating mode
wait for NTP to fix time, then check if the link allows DNSSEC answers
through, at which point you can
On Tue, Sep 10, 2013 at 05:59:52PM -0400, Olafur Gudmundsson wrote:
My colleagues and I worked on OpenWrt routers to get Unbound to work
there, what you need to do is to start DNS up in non-validating mode wait
for NTP to fix time, then check if the link allows DNSSEC answers
through, at which
Olafur Gudmundsson wrote:
So how do you get the time after you power on the device? The usual
answer is use ntp. Except you can't do a DNS resolve when your
time is incorrect. You have a chicken and egg problem to
resolve/hack around :-(.
It is one reason why DNSSEC does not worth
[cc'ed to a more approriate IETF wg]
On Sep 10, 2013, at 11:55 AM, Jim Gettys j...@freedesktop.org wrote:
Ted T'so referred to a conversation we had last week. Let me give the
background.
Dave Taht has been doing an advanced version of OpenWrt for our bufferbloat
work (called CeroWrt