[Dnsmasq-discuss] RSA/SHA1-NSEC3-SHA1 signature bug?

Michael Tremer michael.tremer at ipfire.org
Tue Oct 21 14:11:10 BST 2014

Hello fellow dnsmasq users,

there is a topic on the IPFire support forums I would like to point you


It appears that dnsmasq cannot verify resource records of a
DNSSEC-enabled domain. That domain uses RSA/SHA1-NSEC3-SHA1 for its
signatures. Although there is some code in dnsmasq that is supposed to
handle this, it does not verify the records correctly.

Did anyone else experience this problem? Is it a bug with dnsmasq or the
authoritative name servers of that domain?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20141021/0e136754/attachment.sig>

More information about the Dnsmasq-discuss mailing list