[Dnsmasq-discuss] RSA/SHA1-NSEC3-SHA1 signature bug?

Simon Gebler sige.bo at gmail.com
Wed Oct 22 22:37:18 BST 2014


Sorry if I sounded rude or anything.
Have a safe journey!

On October 22, 2014 11:20:35 PM CEST, Simon Kelley <simon at thekelleys.org.uk> wrote:
>On 21/10/14 15:24, SiGe wrote:
>> I experienced that problem myself, posted about it on the mailing
>list
>> a few days ago.
>> At least it happens on my domain that has both a SHA-1 AND 256 hash.
>> I'm experiencing it with the version currently shipped in the current
>> stable OpenWRT version.
>> 
>> So you're not alone there. Too bad my other post was unacknowledged
>so far :/
>
>Apologies for the lack of acknowledgement. I'm currently very busy and
>traveling. Getting to where I have available time _and_ a good
>cellphone
>signal is tricky, and I have a huge email backlog to crawl out from.
>I'll look at this as soon as I can.
>
>
>Cheers,
>
>Simon.
>
>> 
>> ~ Simon
>> 
>> On October 21, 2014 3:11:10 PM CEST, Michael Tremer
>> <michael.tremer at ipfire.org> wrote:
>>>
>>> Hello fellow dnsmasq users,
>>>
>>> there is a topic on the IPFire support forums I would like to point
>you
>>> to:
>>>
>>>   http://forum.ipfire.org/index.php?topic=11726.0
>>>
>>> It appears that dnsmasq cannot verify resource records of a
>>> DNSSEC-enabled domain. That domain uses RSA/SHA1-NSEC3-SHA1 for its
>>> signatures. Although there is some code in dnsmasq that is supposed
>to
>>> handle this, it does not verify the records correctly.
>>>
>>> Did anyone else experience this problem? Is it a bug with dnsmasq or
>the
>>> authoritative name servers of that domain?
>>>
>>> Best,
>>> -Michael
>>>
>>> ________________________________
>>>
>>> Dnsmasq-discuss mailing list
>>> Dnsmasq-discuss at lists.thekelleys.org.uk
>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>> 
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>> 




More information about the Dnsmasq-discuss mailing list