[Dnsmasq-discuss] Wildcard Domain resolving does not work with DNSSEC
Kevin Darbyshire-Bryant
kevin at darbyshire-bryant.me.uk
Mon Jan 4 15:39:59 GMT 2016
On 04/01/16 14:48, Uwe Schindler wrote:
> Hi,
>
> I found out that resolving of DNSSEC signed wildcard domains does not work correctly with dnsmasq. I think the problem is that it looks for a signature of the requested domain name and not the wildcard.
>
>
>
> ;; Query time: 0 msec
> ;; SERVER: 85.25.128.10#53(85.25.128.10)
> ;; WHEN: Mon Jan 4 14:42:43 2016
> ;; MSG SIZE rcvd: 471
>
> How should this be solved? This is another one where dnssec fails, so clearly a bug.
>
> There is a test page about exactly that case, which fails for me when resolving through dnsmasq: http://0skar.cz/dns/en/
>
> Uwe
>
> -----
> Uwe Schindler
> H.-H.-Meier-Allee 63, D-28213 Bremen
> http://www.thetaphi.de
> eMail: uwe at thetaphi.de
>
>
I just tried that page using dnsmasq276test2 and got 'green' for all tests.
Kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4816 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20160104/bcb72194/attachment.bin>
More information about the Dnsmasq-discuss
mailing list