[Dnsmasq-discuss] DNSSEC validation causes SIGSEGV by strcpy from 0x0
Alex Xu
alex_y_xu at yahoo.ca
Tue Mar 25 23:03:14 UTC 2014
On 25/03/14 06:59 PM, Simon Kelley wrote:
> On 25/03/14 22:46, Alex Xu wrote:
>> I am using the Firefox DNSSEC Validator addon, so perhaps that
>> queries in a peculiar fashion.
>
>> Dnsmasq is installed locally, only handles DNS, and has servers
>> configured through resolvconf. Servers are 8.8.4.4 and 74.82.42.42.
>> Note that the former is DNSSEC-compliant, whereas the latter passes
>> through DNSSEC records but does not support DNSSEC itself.
>
> At least from here, 74.82.42.42 does not include DNSSEC records in
> answers, and is therefore not suitable for use with dnsmasq in DNSSEC
> validation mode.
>
> That certainly explains the observations, the answer is coming back
> unsigned, and dnsmasq (with --dnssec-check-unsigned) is searching in
> vain for DS records indicating that's OK. The bug is that it doesn't
> stop when it gets back to the root.
>
> I'll push some fixes for this tomorrow.
>
> Cheers,
>
> Simon.
>
>
Poor wording on my part. I meant that `dig isc.org @74.82.42.42 +dnssec`
returns no results, but `dig isc.org rrsig @74.82.42.42` does.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20140325/d7e5607f/attachment.sig>
More information about the Dnsmasq-discuss
mailing list