[Dnsmasq-discuss] Wildcard Domain resolving does not work with DNSSEC

Uwe Schindler uwe at thetaphi.de
Mon Jan 4 16:05:03 GMT 2016


Hi,

Was there a change in dnsmasq related to this? Would be good to get some feedback. I'll try this version now. Currently I am running 2.75 (Debian testing pkg 2.75-1)
Do you have dnssec enabled?

Uwe

-----
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: uwe at thetaphi.de


> -----Original Message-----
> From: Dnsmasq-discuss [mailto:dnsmasq-discuss-
> bounces at lists.thekelleys.org.uk] On Behalf Of Kevin Darbyshire-Bryant
> Sent: Monday, January 04, 2016 4:40 PM
> To: dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] Wildcard Domain resolving does not work
> with DNSSEC
> 
> 
> 
> On 04/01/16 14:48, Uwe Schindler wrote:
> > Hi,
> >
> > I found out that resolving of DNSSEC signed wildcard domains does not
> work correctly with dnsmasq. I think the problem is that it looks for a
> signature of the requested domain name and not the wildcard.
> >
> >
> >
> > ;; Query time: 0 msec
> > ;; SERVER: 85.25.128.10#53(85.25.128.10)
> > ;; WHEN: Mon Jan  4 14:42:43 2016
> > ;; MSG SIZE  rcvd: 471
> >
> > How should this be solved? This is another one where dnssec fails, so
> clearly a bug.
> >
> > There is a test page about exactly that case, which fails for me when
> resolving through dnsmasq: http://0skar.cz/dns/en/
> >
> > Uwe
> >
> > -----
> > Uwe Schindler
> > H.-H.-Meier-Allee 63, D-28213 Bremen
> > http://www.thetaphi.de
> > eMail: uwe at thetaphi.de
> >
> >
> I just tried that page using dnsmasq276test2 and got 'green' for all tests.
> 
> Kevin
> 





More information about the Dnsmasq-discuss mailing list