[Dnsmasq-discuss] Fwd: DS requests should be forwarded to the higher domain

Filippo Valsorda filippo at cloudflare.com
Wed Sep 10 00:34:48 BST 2014


DS records are a ugly special case in DNSSEC, and they are kept not by
the zone NS but by the one on top of it.

So when faced with a config like

server=8.8.8.8
server=/ietf.org/64.170.98.2

a A request for ietf.org should go to 64.170.98.2 but a DS request for
ietf.org should go to 8.8.8.8. Otherwise it won't be possible to
verify a DNSSEC chain.

Attached is a patch that works but is horrible. Don't merge it.

Please cc me in replies. Thanks for the project!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Forward-DS-requests-to-the-top-server.patch
Type: application/octet-stream
Size: 2521 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20140909/45504935/attachment.obj>


More information about the Dnsmasq-discuss mailing list