[Dnsmasq-discuss] RSA/SHA1-NSEC3-SHA1 signature bug?

Muell muell at ancientsound.de
Wed Jan 14 15:20:30 GMT 2015


Hi Simon,

you got a PM from me ('cause i don't wanna post my trust-anchor).
Thank you very much for getting into the Problem.

Am 14.01.2015 um 15:11 schrieb Simon Kelley:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Thanks for that. Sadly, neither of those domains provoke the crash for
> me, so it's not that simple.
>
> What's the configuration? It's noticable that all the DNSSEC queries
> are being sent twice to 85.214.20.141, and there's a retry to
> 213.73.91.35. I can't immediately explain either of those facts.
>
> Please could you send the dnsmasq configuration files, either to the
> list, or to me direct if you don't want them to be public.
>
> Cheers,
>
> Simon.
>
>
> On 14/01/15 12:28, Muell wrote:
>> Hi Simon,
>>
>> it doesn't took a long time to get a hit. Here are the relevant
>> last lines before the crash. I hope it will help.
>> ==============================================================================================
>>
>>
>>
>> Jan 14 11:59:07 knox dnsmasq[26518]: forwarded bugzilla.ipfire.org
>> to 85.214.20.141 Jan 14 11:59:07 knox dnsmasq[26518]:
>> dnssec-query[DNSKEY] ipfire.org to 85.214.20.141 Jan 14 11:59:07
>> knox dnsmasq[26518]: dnssec-query[DNSKEY] ipfire.org to
>> 85.214.20.141 Jan 14 11:59:07 knox dnsmasq[26518]: dnssec-query[DS]
>> ipfire.org to 85.214.20.141 Jan 14 11:59:08 knox dnsmasq[26518]:
>> dnssec-query[DS] ipfire.org to 85.214.20.141 Jan 14 11:59:08 knox
>> dnsmasq[26518]: dnssec-query[DNSKEY] org to 85.214.20.141 Jan 14
>> 11:59:08 knox dnsmasq[26518]: dnssec-query[DNSKEY] org to
>> 85.214.20.141 Jan 14 11:59:08 knox dnsmasq[26518]: dnssec-query[DS]
>> org to 85.214.20.141 Jan 14 11:59:08 knox dnsmasq[26518]:
>> dnssec-query[DS] org to 85.214.20.141 Jan 14 11:59:08 knox
>> dnsmasq[26518]: dnssec-query[DNSKEY] . to 85.214.20.141 Jan 14
>> 11:59:08 knox dnsmasq[26518]: dnssec-query[DNSKEY] . to
>> 85.214.20.141 Jan 14 11:59:08 knox dnsmasq[26518]: query[AAAA]
>> ancientsound.de.zuhause.xx from 192.168.1.3 Jan 14 11:59:08 knox
>> dnsmasq[26518]: dnssec retry to 213.73.91.35 Jan 14 11:59:12 knox
>> dnsmasq[26518]: query[A] bugzilla.ipfire.org from 10.215.72.6 Jan
>> 14 11:59:12 knox kernel: dnsmasq[26518]: segfault at 0 ip 0805c6d5
>> sp bba49a90 error 4 in dnsmasq[8048000+30000] Jan 14 11:59:12 knox
>> kernel: grsec: Segmentation fault occurred at (nil) in
>> /usr/sbin/dnsmasq[dnsmasq:26518] uid/euid:99/99 gid/egid:40/40,
>> parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 Jan 14 11:59:12
>> knox kernel: grsec: bruteforce prevention initiated due to crash of
>> /usr/sbin/dnsmasq against uid 99, banning suid/sgid execs for 15
>> minutes.  Please investigate the crash report for
>> /usr/sbin/dnsmasq[dnsmasq:26518] uid/euid:99/99 gid/egid:40/40,
>> parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
>>
>> ==============================================================================================
>>
>>
>>
>> Am 14.01.2015 um 12:14 schrieb Muell:
>>> Hi Simon,
>>>
>>> i'm the one of the users Michael Tremer told of (Segmetation
>>> faults on IPFire). I followed your hint and activated
>>> "--log-queries", so we will (may be) see what the problem is.
>>> Lucky me, the last few days dnsmasq runs for a couple of hours,
>>> the last crash were last night at 04:03AM. Unfortunally, i hadn't
>>> activated --log-queries.
>>>
>>> BTW: Sorry for writing this Mail out of the thread-context, but
>>> i'd just subscribed a few minutes ago.
>>>
>>> -- Regards,
>>>
>>> Olaf
>>>
>>>
>>> _______________________________________________ Dnsmasq-discuss
>>> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk
>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>
>> _______________________________________________ Dnsmasq-discuss
>> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iEYEARECAAYFAlS2eQIACgkQKPyGmiibgrd4AQCfc4X8rBQ/1OwfP96rX2yVfdBS
> 7iIAniVkRgPOXwrE9YA3qwhH35eHwYgL
> =NfXU
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss




More information about the Dnsmasq-discuss mailing list