[Dnsmasq-discuss] [PATCH] DNSSEC Validation (super-simplified version)
Chris Staite
chris at yourdreamnet.co.uk
Thu Apr 14 23:19:55 UTC 2022
Hi again again,
I realised it was even easier than that. This time I am done and going to bed though, so no more spam from me (at least tonight anyway).
This time I actually fixed an issue with my simplified version in so much as it was able to circumvent the unsigned check of the parent from the target of the CNAME if the CNAME came after the A record in the response, which was bad. This stops that from happening, which is good. It does require the CNAME to come before the A record, but I think that’s required in the standard anyway? If it doesn’t, well then at least it’s better than it was before.
Once again, please see previous for reasoning behind the patch.
Thanks, Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dnssec.patch
Type: application/octet-stream
Size: 492 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20220415/d17997ec/attachment.obj>
-------------- next part --------------
More information about the Dnsmasq-discuss
mailing list