Re: [Dnsmasq-discuss] losing RRSIGS in dnsmasq 2.73rc3

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I get a BOGUS validation because there's no DS record for bufferbloat.ne t bufferbloat.net uses dlv.isc.org, which dnsmasq doesn't support. I think we went round this loop last year sometime. What are you doing which allows this to validate? Maybe a

Re: [Dnsmasq-discuss] losing RRSIGS in dnsmasq 2.73rc3

On Thu, Apr 2, 2015 at 1:50 PM, Simon Kelley si...@thekelleys.org.uk wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/04/15 21:43, Dave Taht wrote: On Thu, Apr 2, 2015 at 1:08 PM, Simon Kelley si...@thekelleys.org.uk wrote: I get a BOGUS validation because there's no DS record for

Re: [Dnsmasq-discuss] losing RRSIGS in dnsmasq 2.73rc3

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/04/15 21:43, Dave Taht wrote: On Thu, Apr 2, 2015 at 1:08 PM, Simon Kelley si...@thekelleys.org.uk wrote: I get a BOGUS validation because there's no DS record for bufferbloat.ne t bufferbloat.net uses dlv.isc.org, which dnsmasq doesn't

Re: [Dnsmasq-discuss] losing RRSIGS in dnsmasq 2.73rc3

On Thu, Apr 2, 2015 at 1:08 PM, Simon Kelley si...@thekelleys.org.uk wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I get a BOGUS validation because there's no DS record for bufferbloat.ne t bufferbloat.net uses dlv.isc.org, which dnsmasq doesn't support. I think we went round this

Re: [Dnsmasq-discuss] a little feedback on the new dnssec startup method in openwrt

Chaps, If I may interject: On 02/04/2015 22:21, Dave Taht wrote: On Thu, Apr 2, 2015 at 1:20 PM, Simon Kelley si...@thekelleys.org.uk wrote: On 02/04/15 19:41, Dave Taht wrote: A) Not clear what happens if it tries to write it while the jffs filesystem is still being cleaned Not sure I

Re: [Dnsmasq-discuss] a little feedback on the new dnssec startup method in openwrt

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/04/15 22:21, Dave Taht wrote: On Thu, Apr 2, 2015 at 1:20 PM, Simon Kelley si...@thekelleys.org.uk wrote: On 02/04/15 19:41, Dave Taht wrote: A) Not clear what happens if it tries to write it while the jffs filesystem is still being

[Dnsmasq-discuss] a little feedback on the new dnssec startup method in openwrt

A) Not clear what happens if it tries to write it while the jffs filesystem is still being cleaned B) the dnssec_timestamp file needs to go somewhere that can be written by nobody. B1) trying to create it to /etc/ fails and fails to startup dnsmasq (see A) Thu Apr 2 18:31:52 2015 daemon.info

Re: [Dnsmasq-discuss] losing RRSIGS in dnsmasq 2.73rc3

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/04/15 22:17, Dave Taht wrote: Are you giving dnsmasq the --dnssec-debug flag? If so you'll still get a reply (wo an ad flag) when the validation fails. That (combined with the second reply coming from cache) would fit the data provided. If