[Dnsmasq-discuss] DNSSEC failure with v2.73rc10
Toke Høiland-Jørgensen
toke at toke.dk
Sun Jun 14 18:08:58 BST 2015
Simon Kelley <simon at thekelleys.org.uk> writes:
> Thanks Toke, finding these failure cases and fixing them, one at a
> time, is very necessary, but somewhat gruelling.
Yup, mapping out the DNS tree one corner case at a time. Appreciate the
effort, and glad I can help in a small way! :)
> The two CNAME domains are signed, but the eurovps.com isn't.
>
> Hence the result of the A query is not validatable, and check-unsigned
> has to prove that's OK, by showing that there's a secure denial of a DS
> record covering the query.
Figured it probably had something to do with the transition from a
signed to an unsigned domain.
> The code got lost somewhere in the CNAMES when trying to prove
> non-existence of the DS. I've just checked in a fix, and it behaves
> now.
Cool, thanks a bunch!
-Toke
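
The check described in the quoted text above, as an added example that is not part of the original thread and is not dnsmasq's code: a toy model in which every name in a CNAME chain is classified on its own, and an unsigned answer is accepted only when a validated denial of DS exists at a zone cut above it. The zone names, the DS_STATUS and RECORDS tables and the function names are all constructed for illustration.

```python
# DS status learned at each zone cut (constructed sample data, not real zones):
#   "ds"      - parent serves a validated DS: the child zone is signed
#   "no-ds"   - parent serves a validated NSEC/NSEC3 denial of DS: provably unsigned
#   "unknown" - no validated proof either way
DS_STATUS = {
    "example.": "ds",
    "signed-a.example.": "ds",
    "signed-b.example.": "ds",
    "unsigned.example.": "no-ds",
    "stripped.example.": "unknown",
}

# name -> (CNAME target, or None for the final A record; has a valid RRSIG)
RECORDS = {
    "www.signed-a.example.": ("cdn.signed-b.example.", True),
    "cdn.signed-b.example.": ("host.unsigned.example.", True),
    "host.unsigned.example.": (None, False),
    "alias.signed-a.example.": ("host.stripped.example.", True),
    "host.stripped.example.": (None, False),
    "nosig.signed-b.example.": (None, False),
    "ok.signed-b.example.": (None, True),
}

def zone_security(name):
    """Walk zone cuts from the top down; the root trust anchor is assumed."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels) - 1, -1, -1):
        status = DS_STATUS.get(".".join(labels[i:]) + ".")
        if status == "no-ds":
            return "insecure"   # secure denial of DS: unsigned data is fine
        if status == "unknown":
            return "bogus"      # cannot prove the zone is meant to be unsigned
    return "secure"

def validate_chain(qname):
    """Classify every link of the chain on its own; the weakest state wins."""
    result, name, seen = "secure", qname, set()
    while name is not None:
        if name in seen:
            return "bogus"      # CNAME loop
        seen.add(name)
        target, rrsig_valid = RECORDS[name]
        state = zone_security(name)
        if state == "bogus" or (state == "secure" and not rrsig_valid):
            return "bogus"
        if state == "insecure":
            result = "insecure"
        name = target
    return result
```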