[Dnsmasq-discuss] Using DNSSEC validated SSHFP records
Jeff Kopera
jeff.kopera at gmail.com
Thu Jul 19 23:40:29 BST 2018
Hi,
I am wondering if it is possible to use dnsmasq to store SSHFP records and
then make use of them when using ssh with the VerifyHostKeyDNS=yes option.
I'm able to get the SSHFP into dnsmasq making use of dns-rr, but when I run
ssh I get told that the fingerprint is insecure. I know if I were using
BIND I would be required to generate a ZSK and a KSK and sign the zone. I
was wondering if there was an analogous process for dnsmasq. It's looking
to me like this may be possible by adding more dns-rr records, but it's
unclear to me what I need to add; I expect at a minimum DNSKEY and RRSIG.
Thanks for any help you can provide.