[384.11_Alpha - builds] Testing all variants.

RMerlin · Apr 26, 2019

bbunge said:
Would rather DNSSEC validation be kept with getdns/stubby. Have not found that dnsmasq retrieves root keys dynamically where stubby does.

Dnsmasq is a more logical location for this to occur:

- Dnsmasq can cache results, so it improves performance as multiple queries can be required to validate a record
- Dnsmasq has been proven to work well, and has a stricter DNSSEC validation than getdns (AFAIK)
- Dnsmasq is intended as the multi-role service, Stubby is merely a bridge between dnsmasq and DoT servers, design-wise it makes little sense to also move some of the burden of validating results to Stubby.
- It makes debugging easier, as dnsmasq has extensive logging capabilities
- Automatic retrieval of keys is something I see as a potential security risk (they could get compromised, compared to built-in keys), or failure to retrieve the keys could break your whole network (if the key repository goes down / changes location / gets blocked by your ISP/Country).

Swistheater · Apr 26, 2019

RMerlin said:
Dnsmasq is a more logical location for this to occur:

- Dnsmasq can cache results, so it improves performance as multiple queries can be required to validate a record
- Dnsmasq has been proven to work well, and has a stricter DNSSEC validation than getdns (AFAIK)
- Dnsmasq is intended as the multi-role service, Stubby is merely a bridge between dnsmasq and DoT servers, design-wise it makes little sense to also move some of the burden of validating results to Stubby.
- It makes debugging easier, as dnsmasq has extensive logging capabilities
- Automatic retrieval of keys is something I see as a potential security risk (they could get compromised, compared to built-in keys), or failure to retrieve the keys could break your whole network (if the key repository goes down / changes location / gets blocked by your ISP/Country).

I can't wait to test this out. It will be alot nicer to see dnsmasq doing it's job in conjunction with stubby.

skeal · Apr 26, 2019

Swistheater said:
I can't wait to test this out. It will be alot nicer to see dnsmasq doing it's job in conjunction with stubby.

+1 I couldn't agree more!!

octopus · Apr 27, 2019

New BETA is out..... Close this thread.

https://www.snbforums.com/threads/b...eta-is-now-available.56325/page-2#post-485049

Thread starter	Title	Forum	Replies	Date
W	Tera Term can't SSH connect to router running Merlin 384, but works when flash back to ASUS stock FW	Asuswrt-Merlin	6	Mar 13, 2024
	[AC 68U] Recommend FW upgrade path from 384.9	Asuswrt-Merlin	8	Feb 15, 2024
I	RT-AC3200 Merlin 384.13.10 - e2fsck abort with 'Memory Allocation failed' (10 GB swapfile!)	Asuswrt-Merlin	14	Dec 13, 2023
	TM-AC1900 upgraded to RT-AC68U unable to upgrade past 384.15	Asuswrt-Merlin	2	Aug 8, 2023
B	Static VPN route in ASUS RT-AC87u with firmware 384.13_10	Asuswrt-Merlin	0	May 2, 2023
	[ 3004.388.7 alpha 2 Build(s) ] Testing available build(s)	Asuswrt-Merlin	74	Saturday at 1:21 PM
	[ 3004.388.7 alpha 1 Build(s) ] Testing available build(s)	Asuswrt-Merlin	175	Mar 16, 2024
	[ 386.13 alpha Build(s) ] Testing available build(s)	Asuswrt-Merlin	46	Mar 11, 2024
	[ 3004.388.6 alpha Build(s) ] Testing available build(s)	Asuswrt-Merlin	189	Dec 20, 2023
	[ 3004.388.5 alpha Build(s) ] Testing available build(s)	Asuswrt-Merlin	161	Nov 2, 2023

Search

Search

[384.11_Alpha - builds] Testing all variants.

RMerlin

Asuswrt-Merlin dev

Swistheater

Very Senior Member

skeal

Part of the Furniture

octopus

Part of the Furniture

Similar threads

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Members online