[Dnsmasq-discuss] Testers wanted: DNSSEC.
matthias.andree at gmx.de
Fri Feb 7 09:04:54 GMT 2014
Am 07.02.2014 09:45, schrieb Matthias Andree:
> Am 07.02.2014 09:24, schrieb Simon Kelley:
>> On 07/02/14 08:21, Jan-Piet Mens wrote:
>>>> Answering my previous question, this behaviour is specified in RFC
>>>> 6840 para 5.7. Code changes to implement it are in git now.
>>> Have they been comitted? ;-) No visible change here ...
>> Ooops. Try now.
> I moved forward to test7, and now the FIRST query (the one shipping the
> RRSIG and other additional stuff) lacks the AD flag, subsequent
> responses carry it.
> Do I need to disable DNSSEC verification in the BIND that dnsmasq
> forwards to to get useful test results?
No, I figured that I had forgotten an old /etc/resolv.conf in place, and
the dnsmasq I am looking at was actually forwarding to a dnsmasq 2.59
compiled for Ubuntu 12.04LTS.
With BIND or UNBOUND for a forwarder, the first response also carries
the +AD, as it does for Jan-Piet.
So scrap this report for now, we should check, however, if dnsmasq
forwarding to a second instance of itself works properly. :)
More information about the Dnsmasq-discuss