[Dnsmasq-discuss] Fwd: DS requests should be forwarded to the higher domain
Filippo Valsorda
filippo at cloudflare.com
Wed Sep 10 00:34:48 BST 2014
DS records are a ugly special case in DNSSEC, and they are kept not by
the zone NS but by the one on top of it.
So when faced with a config like
server=8.8.8.8
server=/ietf.org/64.170.98.2
a A request for ietf.org should go to 64.170.98.2 but a DS request for
ietf.org should go to 8.8.8.8. Otherwise it won't be possible to
verify a DNSSEC chain.
Attached is a patch that works but is horrible. Don't merge it.
Please cc me in replies. Thanks for the project!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Forward-DS-requests-to-the-top-server.patch
Type: application/octet-stream
Size: 2521 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20140909/45504935/attachment.obj>
More information about the Dnsmasq-discuss
mailing list