dnssec?
It should be possible to build the default dnsmasq included with gargoyle with at least dnssec support compiled in. I ended up building it myself using dnsmasq-full to fully get dnssec working (with dnssec-check-unsigned working, woot), but this will be a hassle to do every gargoyle release. I also had to patch privoxy to get it to the latest 3.0.23 version, but I will have to take that upstream to openwrt. Other than that, Gargoyle is awesome right out of the box.
Re: dnssec?
Is the overhead a problem?
Re: dnssec?
ispyisail wrote: is the overhead a problem?
+1?
Linksys WRT3200ACM
NETGEAR Nighthawk R7800
NETGEAR R6260
Re: dnssec?
ispyisail wrote: is the overhead a problem?
Not for my wndr3700v2, but yes, it does generate more port 53 traffic (obviously). I am not sure there would be much more overhead if the dnssec support was compiled in (but not enabled by default), other than that the gargoyle image would be bigger due to the binary being bigger and libgmp (can get rid of dependency I think, but haven't tried) and libnettle becoming mandatory. Actually, the better solution would probably be to fix gargoyle being incompatible with dnsmasq-full due to kernel incompatibility with dependency kmod-ipv6 (dnsmasq-full provides ipv6 support but doesn't require it). That would please the small number of paranoids like me that don't trust their ISP not to dick with their DNS and yet not affect the vast majority of other users. Until then, rolling your own is the workaround.