[Dnsmasq-discuss] Announce: dnsmasq-2.69rc1

[Simon Kelley]

On 24/03/14 23:29, sven falempin wrote:

>>
>>
> 
> Yes it logs better when i launch with --dnssec-check-unsigned
> can i put these in the configuration file like bogus-priv
> :

Yes, the set of --long-option and config-file keywords is identical,
apart from a few which make no sense, like --version.

> 
> dnsmasq: query[A] ietf.org from 10.0.0.42
> dnsmasq: forwarded ietf.org to 8.8.8.8
> dnsmasq: dnssec-query[DNSKEY] ietf.org to 8.8.8.8
> dnsmasq: dnssec-query[DS] ietf.org to 8.8.8.8
> dnsmasq: dnssec-query[DNSKEY] org to 8.8.8.8
> dnsmasq: dnssec-query[DS] org to 8.8.8.8
> dnsmasq: dnssec-query[DNSKEY] . to 8.8.8.8
> dnsmasq: reply . is DNSKEY keytag 40926
> dnsmasq: reply . is DNSKEY keytag 33655
> dnsmasq: reply . is DNSKEY keytag 19036
> dnsmasq: reply org is DS keytag 21366
> dnsmasq: reply org is DS keytag 21366
> dnsmasq: reply org is DNSKEY keytag 9795
> dnsmasq: reply org is DNSKEY keytag 21366
> dnsmasq: reply org is DNSKEY keytag 1829
> dnsmasq: reply org is DNSKEY keytag 28794
> dnsmasq: reply ietf.org is DS keytag 45586
> dnsmasq: reply ietf.org is DS keytag 45586
> dnsmasq: reply ietf.org is DNSKEY keytag 40452
> dnsmasq: reply ietf.org is DNSKEY keytag 45586
> dnsmasq: validation result is SECURE
> dnsmasq: reply ietf.org is 4.31.198.44
> dnsmasq: query[AAAA] ietf.org from 10.0.0.42
> dnsmasq: forwarded ietf.org to 8.8.8.8
> dnsmasq: validation result is SECURE
> dnsmasq: reply ietf.org is 2001:1900:3001:11::2c
> dnsmasq: query[MX] ietf.org from 10.0.0.42
> dnsmasq: forwarded ietf.org to 8.8.8.8
> dnsmasq: validation result is SECURE
> 
> 
> 
> dnsmasq: query[A] paypal.com from 10.0.0.42
> dnsmasq: forwarded paypal.com to 8.8.8.8
> dnsmasq: dnssec-query[DNSKEY] paypal.com to 8.8.8.8
> dnsmasq: dnssec-query[DS] paypal.com to 8.8.8.8
> dnsmasq: dnssec-query[DNSKEY] com to 8.8.8.8
> dnsmasq: dnssec-query[DS] com to 8.8.8.8
> dnsmasq: reply com is DS keytag 30909
> dnsmasq: reply com is DNSKEY keytag 45932
> dnsmasq: reply com is DNSKEY keytag 30909
> dnsmasq: reply paypal.com is DS keytag 21037
> dnsmasq: reply paypal.com is DNSKEY keytag 21037
> dnsmasq: reply paypal.com is DNSKEY keytag 11811
> dnsmasq: validation result is SECURE
> dnsmasq: reply paypal.com is 66.211.169.3
> dnsmasq: reply paypal.com is 66.211.169.66
> dnsmasq: query[AAAA] paypal.com from 10.0.0.42
> dnsmasq: forwarded paypal.com to 8.8.8.8
> dnsmasq: validation result is SECURE
> dnsmasq: reply paypal.com is NODATA-IPv6
> dnsmasq: query[MX] paypal.com from 10.0.0.42
> dnsmasq: forwarded paypal.com to 8.8.8.8
> dnsmasq: validation result is SECURE
> 
> 

That looks good. If you try the queries for unsigned domains  again you
should see DNSSEC activity too, as dnsmasq verifies that they should be
unsigned.



Cheers,


Simon.

> 
> 
> 
>