[Dnsmasq-discuss] DNSSEC validation causes SIGSEGV by strcpy from 0x0
alex_y_xu at yahoo.ca
Tue Mar 25 23:03:14 UTC 2014
On 25/03/14 06:59 PM, Simon Kelley wrote:
> On 25/03/14 22:46, Alex Xu wrote:
>> I am using the Firefox DNSSEC Validator addon, so perhaps that
>> queries in a peculiar fashion.
>> Dnsmasq is installed locally, only handles DNS, and has servers
>> configured through resolvconf. Servers are 22.214.171.124 and 126.96.36.199.
>> Note that the former is DNSSEC-compliant, whereas the latter passes
>> through DNSSEC records but does not support DNSSEC itself.
> At least from here, 188.8.131.52 does not include DNSSEC records in
> answers, and is therefore not suitable for use with dnsmasq in DNSSEC
> validation mode.
> That certainly explains the observations, the answer is coming back
> unsigned, and dnsmasq (with --dnssec-check-unsigned) is searching in
> vain for DS records indicating that's OK. The bug is that it doesn't
> stop when it gets back to the root.
> I'll push some fixes for this tomorrow.
Poor wording on my part. I meant that `dig isc.org @184.108.40.206 +dnssec`
returns no results, but `dig isc.org rrsig @220.127.116.11` does.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: OpenPGP digital signature
More information about the Dnsmasq-discuss