[Dnsmasq-discuss] Testers wanted: DNSSEC.
Matthias Andree
matthias.andree at gmx.de
Fri Feb 7 08:45:20 GMT 2014
Am 07.02.2014 09:24, schrieb Simon Kelley:
> On 07/02/14 08:21, Jan-Piet Mens wrote:
>>> Answering my previous question, this behaviour is specified in RFC
>>> 6840 para 5.7. Code changes to implement it are in git now.
>>
>> Have they been comitted? ;-) No visible change here ...
>
> Ooops. Try now.
>
> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=e243c072b591cdeff8ac00483f5a9e426729534b
>
>
I moved forward to test7, and now the FIRST query (the one shipping the
RRSIG and other additional stuff) lacks the AD flag, subsequent
responses carry it.
Do I need to disable DNSSEC verification in the BIND that dnsmasq
forwards to to get useful test results?
> $ dig sigok.verteiltesysteme.net. a +ad
>
> ; <<>> DiG 9.8.4-P2 <<>> sigok.verteiltesysteme.net. a +ad
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47460
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;sigok.verteiltesysteme.net. IN A
>
> ;; ANSWER SECTION:
> sigok.verteiltesysteme.net. 60 IN A 134.91.78.139
>
> ;; AUTHORITY SECTION:
> verteiltesysteme.net. 2698 IN NS ns1.verteiltesysteme.net.
> verteiltesysteme.net. 2698 IN NS ns2.verteiltesysteme.net.
>
> ;; ADDITIONAL SECTION:
> ns1.verteiltesysteme.net. 2698 IN A 134.91.78.139
> ns1.verteiltesysteme.net. 2698 IN AAAA 2001:638:501:8efc::139
> ns2.verteiltesysteme.net. 2698 IN A 134.91.78.141
> ns2.verteiltesysteme.net. 2698 IN AAAA 2001:638:501:8efc::141
>
> ;; Query time: 39 msec
> ;; SERVER: 192.168.33.4#53(192.168.33.4)
> ;; WHEN: Fri Feb 7 09:43:58 2014
> ;; MSG SIZE rcvd: 184
> $ dig sigok.verteiltesysteme.net. a +ad
>
> ; <<>> DiG 9.8.4-P2 <<>> sigok.verteiltesysteme.net. a +ad
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34332
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;sigok.verteiltesysteme.net. IN A
>
> ;; ANSWER SECTION:
> sigok.verteiltesysteme.net. 55 IN A 134.91.78.139
>
> ;; Query time: 0 msec
> ;; SERVER: 192.168.33.4#53(192.168.33.4)
> ;; WHEN: Fri Feb 7 09:44:03 2014
> ;; MSG SIZE rcvd: 60
More information about the Dnsmasq-discuss
mailing list