[Dnsmasq-discuss] DNSSEC validation causes SIGSEGV by strcpy from 0x0

Alex Xu alex_y_xu at yahoo.ca
Tue Mar 25 23:03:14 UTC 2014


On 25/03/14 06:59 PM, Simon Kelley wrote:
> On 25/03/14 22:46, Alex Xu wrote:
>> I am using the Firefox DNSSEC Validator addon, so perhaps that
>> queries in a peculiar fashion.
> 
>> Dnsmasq is installed locally, only handles DNS, and has servers
>> configured through resolvconf. Servers are 8.8.4.4 and 74.82.42.42.
>> Note that the former is DNSSEC-compliant, whereas the latter passes
>> through DNSSEC records but does not support DNSSEC itself.
> 
> At least from here, 74.82.42.42 does not include DNSSEC records in
> answers, and is therefore not suitable for use with dnsmasq in DNSSEC
> validation mode.
> 
> That certainly explains the observations, the answer is coming back
> unsigned, and dnsmasq (with --dnssec-check-unsigned) is searching in
> vain for DS records indicating that's OK. The bug is that it doesn't
> stop when it gets back to the root.
> 
> I'll push some fixes for this tomorrow.
> 
> Cheers,
> 
> Simon.
> 
> 

Poor wording on my part. I meant that `dig isc.org @74.82.42.42 +dnssec`
returns no results, but `dig isc.org rrsig @74.82.42.42` does.
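
An added illustration of the failure mode described in the quoted reply (not part of the original message, and not dnsmasq's code): a walk towards the root looking for DS records that stops at the root instead of copying from a null pointer. `parent_zone`, `find_ds_zone` and the two lookup stand-ins are hypothetical names, and the lookups are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Parent of a presentation-format name, or NULL once the root is reached:
   "isc.org" -> "org" -> "." -> NULL. Escaped dots are not handled. */
static const char *parent_zone(const char *name)
{
    const char *dot;
    if (name == NULL || name[0] == '\0' || strcmp(name, ".") == 0)
        return NULL;                      /* already at the root */
    dot = strchr(name, '.');
    if (dot == NULL || dot[1] == '\0')
        return ".";                       /* last label: parent is the root */
    return dot + 1;
}

/* Constructed stand-ins for a DS lookup against the upstream server. */
static int no_ds(const char *zone) { (void)zone; return 0; }
static int ds_at_org(const char *zone) { return strcmp(zone, "org") == 0; }

/* Walk from name towards the root looking for a DS record.
   Returns 1 and copies the zone on success, 0 if the root was reached
   without one, -1 if the zone would not fit in the buffer. */
static int find_ds_zone(const char *name, int (*has_ds)(const char *),
                        char *zone, size_t zonelen, int *levels)
{
    const char *cur = name;
    *levels = 0;
    while (cur != NULL) {                 /* stop after the root */
        (*levels)++;
        if (has_ds(cur)) {
            size_t n = strlen(cur) + 1;
            if (n > zonelen)
                return -1;
            memcpy(zone, cur, n);         /* cur is known non-NULL here */
            return 1;
        }
        cur = parent_zone(cur);           /* NULL past the root; never copied */
    }
    return 0;
}

int main(void)
{
    char zone[256];
    int levels;
    int r = find_ds_zone("www.isc.org", no_ds, zone, sizeof zone, &levels);
    printf("result=%d after %d levels\n", r, levels);
    return 0;
}
```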
