[Dnsmasq-discuss] [PATCH] DNSSEC Validation (super-simplified version)
Geert Stappers
stappers at stappers.nl
Fri Apr 15 07:55:48 UTC 2022
On Fri, Apr 15, 2022 at 12:19:55AM +0100, Chris Staite via Dnsmasq-discuss wrote:
> Hi again again,
>
> I realised it was even easier than that. This time I am done and
> going to bed though, so no more spam from me (at least tonight anyway).
I when woke up, I did see three messages from same author about dnssec.
Only one message was openened (the other two got marked as read)
> This time I actually fixed an issue with my simplified version in so
> much as it was able to circumvent the unsigned check of the parent
> from the target of the CNAME if the CNAME came after the A record in
> the response, which was bad. This stops that from happening, which
> is good. It does require the CNAME to come before the A record, but
> I think that’s required in the standard anyway? If it doesn’t,
> well then at least it’s better than it was before.
>
> Once again, please see previous for reasoning behind the patch.
Please add the reason to the proposed patch.
> Thanks, Chris.
>
Groeten
Geert Stappers
--
Silence is hard to parse
More information about the Dnsmasq-discuss
mailing list