On 13/04/14 21:24, Dave Taht wrote:
> interesting long thread over at the fedora project this weekend:
> 
> https://lists.fedoraproject.org/pipermail/devel/2014-April/197755.html
> 

I'm quite a long way through it already. The main takehome seems to be
that captive portals are even more broken in the era of DNSSEC than
before. It's amazing that's even possible......


Maybe the IETF should create a sane spec for such things....



Simon.

> 
> 
> ---------- Forwarded message ----------
> From: Chuck Anderson <c...@wpi.edu>
> Date: Sun, Apr 13, 2014 at 10:59 AM
> Subject: Re: [Cerowrt-devel] Full blown DNSSEC by default?
> To: cerowrt-de...@lists.bufferbloat.net
> 
> 
> On Sun, Apr 13, 2014 at 12:05:19PM +0200, Toke Høiland-Jørgensen wrote:
>>
>>> Is there a "D"?
>>
>> Running a full resolver in cerowrt? I've been running a dnssec-enabled bind 
>> for some time on my boxes (prior to dnssec support in dnsmasq).
> 
> How do these proposals compare with unbound+dnssec-trigger in the
> Fedora world?  I stirred up a rats nest:
> 
> https://lists.fedoraproject.org/pipermail/devel/2014-April/197755.html
> 
> I realize these are slightly different use cases, but it may be
> helpful to learn from the different implementations, if for no other
> reason than to be sure they interoperate.  I'm going to turn on
> unbound+dnssec-trigger on my laptop and try it behind Cerowrt w/DNSSEC
> turned on to see what happens...
> _______________________________________________
> Cerowrt-devel mailing list
> cerowrt-de...@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
> 
> 


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Reply via email to