where is the dnssec_trust_anchor location

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
Author Message
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6414
Location: UK, London, just across the river..

PostPosted: Wed Jan 26, 2022 21:51    Post subject: where is the dnssec_trust_anchor location Reply with quote
Hi guys do you know by any chance, where is the dnssec_trust_anchors location, in DDWRT system, where to find it on my 1043v2 8MB flash size...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Sponsor
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

PostPosted: Wed Jan 26, 2022 23:27    Post subject: Reply with quote
EA8500 using unbound would be:

auto-trust-anchor-file: "/etc/unbound/root.key"

see:
Code:
mrjcd@daDeb:~$ ssh root@citadel-station-homeworld.mrjcd.com
DD-WRT v3.0-r48208 std (c) 2022 NewMedia-NET GmbH
Release: 01/26/22
Board: Linksys EA8500
==========================================================
 
     ___  ___     _      _____  ______       ____  ___
    / _ \/ _ \___| | /| / / _ \/_  __/ _  __|_  / / _ \
   / // / // /___/ |/ |/ / , _/ / /   | |/ //_ <_/ // /
  /____/____/    |__/|__/_/|_| /_/    |___/____(_)___/
                                                     
                       DD-WRT v3.0
                   https://www.dd-wrt.com


==========================================================


BusyBox v1.35.0 (2022-01-26 07:06:49 +07) built-in shell (ash)

root@Citadel-Station-Homeworld:~# cat /etc/unbound/root.key
. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D

root@Citadel-Station-Homeworld:~# date
Wed Jan 26 17:27:31 CST 2022
root@Citadel-Station-Homeworld:~#
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14129
Location: Texas, USA

PostPosted: Thu Jan 27, 2022 4:26    Post subject: Reply with quote
Probably not going to exist on the TL-WR1043ND v2:

https://github.com/mirror/dd-wrt/blob/master/src/router/configs/ar7xxx/.config_wr1043v2

https://github.com/mirror/dd-wrt/blob/aee319c696e033d97e7a34301001e79775aa93cd/src/router/rules/dnsmasq.mk#L72

https://github.com/mirror/dd-wrt/blob/392b45a1dcd4c99d65104360da1ed9daa149b42e/src/router/dnsmasq/trust-anchors.conf

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6414
Location: UK, London, just across the river..

PostPosted: Thu Jan 27, 2022 12:32    Post subject: Reply with quote
kernel-panic69 wrote:
Probably not going to exist on the TL-WR1043ND v2:

https://github.com/mirror/dd-wrt/blob/master/src/router/configs/ar7xxx/.config_wr1043v2

https://github.com/mirror/dd-wrt/blob/aee319c696e033d97e7a34301001e79775aa93cd/src/router/rules/dnsmasq.mk#L72

https://github.com/mirror/dd-wrt/blob/392b45a1dcd4c99d65104360da1ed9daa149b42e/src/router/dnsmasq/trust-anchors.conf


thanks for pointing out KP69...Cool
also i was looking at those, but cannot understand why there is no directory and file created on 1043v2 and there is an GUI option for DNSSEC... should it be removed if not in use...or what it is doing, in general there...i'm away of my other routers to check around...

once again thanks for the help KP69...!

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
BrainSlayer
Site Admin


Joined: 06 Jun 2006
Posts: 7463
Location: Dresden, Germany

PostPosted: Thu Jan 27, 2022 14:42    Post subject: Re: where is the dnssec_trust_anchor location Reply with quote
Alozaros wrote:
Hi guys do you know by any chance, where is the dnssec_trust_anchors location, in DDWRT system, where to find it on my 1043v2 8MB flash size...


nowhere. dnssec is not included in the build for this model. if its included its /etc/trust-anchors.conf

_________________
"So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
BrainSlayer
Site Admin


Joined: 06 Jun 2006
Posts: 7463
Location: Dresden, Germany

PostPosted: Thu Jan 27, 2022 14:54    Post subject: Reply with quote
i enabled it for next build. but not sure if this is a good idea. increases flash usage by 300 kb and dnssec might also be slow on these devices
_________________
"So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6414
Location: UK, London, just across the river..

PostPosted: Thu Jan 27, 2022 17:44    Post subject: Reply with quote
ok i see...BS thanks for the explanation...

i was thinking this is what Cache DNSSEC data should do...probably im wrong...as i messed it with Validate DNS Replies

in my case, for my need i created it to /opt/etc/trust-anchors.conf instead, but still couldn't do whatever i was chasing...anyway...
i do hope next build will not be too big or messy for 1043v2 as my usb to ttl is far away of me Razz Laughing

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14129
Location: Texas, USA

PostPosted: Thu Jan 27, 2022 23:37    Post subject: Reply with quote
From email:
kernel-panic69 wrote:
Webflash would be around 8368156 bytes (7.98 megabytes); might be pushing the flash size limitation.

BrainSlayer wrote:
it fits still. but the cpu is slow

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum