[OpenWrt-Devel] Updating dnsmasq 2.73rc1 & new dnssec timestamp checking option

Kevin Darbyshire-Bryant kevin at darbyshire-bryant.me.uk
Thu Mar 26 09:37:32 EDT 2015


Hi All,

New here, new to openwrt, not really a developer, more a willing idiot. 
Appreciate your help, patience, guidance etc.

I've been following dnsmasq git master for a year or two on other router
firmware projects and have always tried to keep them up to date.  I'd
like to do the same with/for openwrt.  I've a local clone of openwrt
following CC master (bleeding edge) and have updated the dnsmasq package
makefile to pull RC1, removed unneeded patches and got something
compiling & working (on one box, one platform - yeah huge test base!)  
I'd like to contribute these changes but I'm very unsure how to go about it.

There have been quite a few little fixes and improvements gone into
dnsmasq 2.73 (having gone through a number of test revisions).  One
particular feature relates to the 'dnssec validation/time not set/lookup
ntp server' chicken & egg problem.  Simon Kelley took the seed of an idea
that I had, ran with it, greatly improved it and came up with a
'timestamp file' which helps dnsmasq determine automatically whether the
current time is to be considered 'good' or not and hence whether to
check dnssec certificate time validity or not.  I personally think this
is the final hurdle removed with regard to getting dnssec validation to
an easily deployable state when using dnsmasq (luci needs a few extra
options though - I've had ideas for that too).

I've updated the package dnsmasq init script so that it uses this new
option if dnssec is enabled.  The location of the timestamp file is
currently '/etc/dnsmasq.d/dnsmasq.timestamp' but is this the best
location for it?  The file needs to survive reboots and a further
complication is that it must be r/w by the unprivileged user that
dnsmasq drops to (nobody) hence the new directory and init script doing
chown nobody:nogroup /etc/dnsmasq.d (I can't work out how to do that as
part of the image build process)

Your advice, help appreciated.

Kevin
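
Added example (not part of the message above, and not OpenWrt's or dnsmasq's own code): a sketch of the init-script step the message describes, preparing a persistent directory owned by the unprivileged user and writing dnsmasq's dnssec-timestamp option only when DNSSEC is enabled. The function name, its arguments and the symlink and duplicate-line checks are assumptions of this example.

```shell
#!/bin/sh
# Usage: prepare_dnssec_timestamp DIR USER GROUP CONFFILE DNSSEC_ENABLED
# The function name and argument order are hypothetical, chosen for this example.
prepare_dnssec_timestamp() {
    ts_dir=$1; ts_user=$2; ts_group=$3; conf=$4; dnssec=$5

    # Only use the timestamp option when DNSSEC validation is enabled.
    [ "$dnssec" = "1" ] || return 0

    # Refuse a symlink: chown run as root would follow it and hand
    # ownership of some other directory to the unprivileged user.
    if [ -L "$ts_dir" ]; then
        echo "refusing to use symlink $ts_dir" >&2
        return 1
    fi

    # The directory must be on persistent storage and writable by the user
    # dnsmasq drops to, because dnsmasq creates the file itself.
    mkdir -p "$ts_dir" || return 1
    chown "$ts_user:$ts_group" "$ts_dir" || return 1
    # Writable by the owner only; the file holds no secret, but nobody else
    # should be able to replace it.
    chmod 0755 "$ts_dir" || return 1

    # Append the option once, so repeated service restarts do not duplicate it.
    line="dnssec-timestamp=$ts_dir/dnsmasq.timestamp"
    grep -qxF "$line" "$conf" 2>/dev/null || echo "$line" >> "$conf"
}

# Call with the values from the message (needs root for the chown):
#   prepare_dnssec_timestamp /etc/dnsmasq.d nobody nogroup "$conf_path" 1
```

Here "$conf_path" stands for wherever the init script writes the generated dnsmasq configuration; trust anchors and the dnssec option itself are assumed to be set elsewhere.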
