[Dnsmasq-discuss] RSA/SHA1-NSEC3-SHA1 signature bug?

SiGe sige.kitty at gmail.com
Tue Oct 21 15:24:38 BST 2014


I experienced that problem myself, posted about it on the mailing list
a few days ago.
At least it happens on my domain that has both a SHA-1 AND 256 hash.
I'm experiencing it with the version currently shipped in the current
stable OpenWRT version.

So you're not alone there. Too bad my other post was unacknowledged so far :/

~ Simon

On October 21, 2014 3:11:10 PM CEST, Michael Tremer
<michael.tremer at ipfire.org> wrote:
>
> Hello fellow dnsmasq users,
>
> there is a topic on the IPFire support forums I would like to point you
> to:
>
>   http://forum.ipfire.org/index.php?topic=11726.0
>
> It appears that dnsmasq cannot verify resource records of a
> DNSSEC-enabled domain. That domain uses RSA/SHA1-NSEC3-SHA1 for its
> signatures. Although there is some code in dnsmasq that is supposed to
> handle this, it does not verify the records correctly.
>
> Did anyone else experience this problem? Is it a bug with dnsmasq or the
> authoritative name servers of that domain?
>
> Best,
> -Michael
>
> ________________________________
>
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss



More information about the Dnsmasq-discuss mailing list