[Dnsmasq-discuss] Fwd: [Cerowrt-devel] Fwd: Testers wanted: DNSSEC.
Dave Taht
dave.taht at gmail.com
Wed Feb 5 17:25:27 GMT 2014
---------- Forwarded message ----------
From: Toke Høiland-Jørgensen <toke at toke.dk>
Date: Wed, Feb 5, 2014 at 12:10 PM
Subject: Re: [Cerowrt-devel] Fwd: [Dnsmasq-discuss] Testers wanted: DNSSEC.
To: Dave Taht <dave.taht at gmail.com>
Cc: "cerowrt-devel at lists.bufferbloat.net" <cerowrt-devel at lists.bufferbloat.net>
Toke Høiland-Jørgensen <toke at toke.dk> writes:
> Can add it to my bufferbloat OBS :)
Right, so packages available for Arch, Debian 7 and Ubuntu 12.04, 12.10
and 13.10 are available from here:
https://build.opensuse.org/project/repositories/home:tohojo:dnsmasq
For some reason, signature verification is failing for me on the Arch
repo.
Also, installed it on my workstation, and it seems to do *something* at
least. Running with --log-queries I get output like this:
dnsmasq[19525]: dnssec-query[DNSKEY] tohojo.dk to 127.0.0.1
dnsmasq[19525]: dnssec-query[DNSKEY] tohojo.dk to 127.0.0.1
dnsmasq[19525]: dnssec-query[DS] tohojo.dk to 127.0.0.1
dnsmasq[19525]: dnssec-query[DS] tohojo.dk to 127.0.0.1
dnsmasq[19525]: reply tohojo.dk is DS keytag 49471
dnsmasq[19525]: reply tohojo.dk is DNSKEY keytag 30141
dnsmasq[19525]: reply tohojo.dk is DNSKEY keytag 49471
dnsmasq[19525]: validation result is SECURE
(I'm still running BIND on localhost on a different port which is why
it's forwarded to there...)
And sometimes there's also lines saying
dnsmasq[19525]: validation result is INSECURE
but mostly from in-addr.arpa and other places that I wouldn't expect to
be verified.
Finally there's a bunch of queries that don't say anything about dnssec
anywhere.
Oh, and --dnssec-debug doesn't seem to do anything.
-Toke
--
Dave Täht
Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 499 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20140205/78dc8d33/attachment.pgp>
More information about the Dnsmasq-discuss
mailing list