On Sun, Mar 30, 2014 at 12:30 PM, Toke Høiland-Jørgensen <[email protected]> wrote: > Toke Høiland-Jørgensen <[email protected]> writes: > >> This would involve teaching the uclibc resolver about the CD bit and >> expose it in the resolver API I think. Can look into how difficult >> this actually is to do; with the caveat that I'm not exactly an expert >> on such code :P > > OK, went looking at the code. As far as I can tell, it would probably be > possible to teach the part of uclibc that does DNS lookups about the CD > bit. However, I'm not sure there's a way to pass the request for no
Only thing I can think of that makes some sense at the moment is doing a stubby resolver in ntp itself. > validation through the resolver to the right place; certainly not There isn't. Arguably there should have been a flag added to getaddrinfo ages ago... > without entirely reworking the way ntpd does hostname lookups (and > possibly other parts of the C library as well). Either way it's not Not today then. :) > something I feel up to with the time I have available for hacking on > cerowrt. So I am abandoning this avenue of enquiry. So far fixing this dependency has eluded dnssec implementers for 12 years. > I'll be happy to work on improving the dnsmasq script with the > --dnssec-no-timecheck parameter approach; but if it is going to be > rejected in favour of a different approach I'd rather not waste any more > time on it... :) Please push the script into the cerowrt repo for further testing. > -Toke -- Dave Täht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html _______________________________________________ Cerowrt-devel mailing list [email protected] https://lists.bufferbloat.net/listinfo/cerowrt-devel
