[Dnsmasq-discuss] Dnsmasq masks dnssec signatures for AAAA records when serving local A records for the same hostname

Simon Kelley simon at thekelleys.org.uk
Tue Jul 7 21:32:40 BST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

What version of dnsmasq are you using?

Are you saying that dnsmasq strips the signatures from the answers
which arrive from upstream?

Do you have DNSSEC validation enabled in dnsmasq?


Cheers,

Simon.


On 30/06/15 04:07, Felix Lechner wrote:
> Hi,
> 
> My tomato router does not forward DNSSEC signatures for AAAA
> records when also serving local A records for the same hostnames
> from DHCP.
> 
> A local validating resolver which uses dnsmasq for caching will
> then not show the AAAA records from the signed zone.
> 
> Can I turn off the local DHCP hostname resolution (or the
> signature masking, if it is intentional), please?
> 
> Thank you!
> 
> Tomato firmware version is 1.28.
> 
> 
> 
> _______________________________________________ Dnsmasq-discuss
> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk 
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVnDdeAAoJEBXN2mrhkTWiKsAP/A2Y+XgAbI3A3DxINmL2x7fh
ghL2+tIQ6jyV1WHzhozq07bKW1Wq1rldLW3lcBo52MppGiqekR3B59BSwke9++OV
LBBmkQoKTl7nvaOea5DYzQVwGkHIwz6luOMjt/B4jPKRMgrFs03oEQOJRXvBcX5t
DPY2hiz3xCH7YmTwSKpdpb1lHtLTSeOex9KmjOqCMjD40C3KlA708D39eESEgyGw
g2KS6SgU5E2sYnVDDScWfTxaG8klj1ir3VN3VSooCI8/HiPBSyxaSR4Z3AcEIiQA
iWv97EO/MmHVbOW6ab94IiU8Ua21M1+o+X59Y78PcqSM3/d7si1JW3Y8l4tR3alZ
ZdpZNoDs4NQdIj8TSfeC4Py766DCNoW48A6FDTWoxBiASNYyMuDGTCOnCanWwvAc
317sSVNFxRCO1GV8XbPCPETT+g9XS0BVWVbojno0lzpOvrTAatSiOdjfawDrifSX
hxwWMFktRhXFqesjFQeSHjDefqoaRr8unZTWJZjs/ecDY/IeJcK6EKFsL3Br/ann
jRXj/2SNO5MN92zOB0yOz6wl+heJ1FOlSiKYltg+e/ro1Xuv/Rx540NYM5WDlJOJ
d9fTOSjB6tLSV7CZWCXawaFtgULAgbRefkddE8PVblAdk2nrq2kfAQwQaX58rr27
EXQeNBvSH0ZXdDYHdkdX
=rJdS
-----END PGP SIGNATURE-----



More information about the Dnsmasq-discuss mailing list