Re: [Dnsmasq-discuss] Testers wanted: DNSSEC.

Wed, 05 Feb 2014 00:43:22 -0800 

On 04/02/14 23:31, Eugene Rudoy wrote:

Hi Simon,

hmm, doesn't work for me yet. *All* replies are considered to be INSECURE.

Feb  5 00:14:50 fb daemon.info dnsmasq[4022]: started, version
2.69test6 cachesize 256
Feb  5 00:14:50 fb daemon.info dnsmasq[4022]: compile time options:
no-IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP
no-conntrack ipset auth DNSSEC
Feb  5 00:14:50 fb daemon.info dnsmasq[4022]: DNSSEC validation enabled
Feb  5 00:14:50 fb daemon.info dnsmasq[4022]: asynchronous logging
enabled, queue limit is 10 messages
Feb  5 00:14:50 fb daemon.info dnsmasq-dhcp[4022]: DHCP, IP range
192.168.xx.20 -- 192.168.xx.99, lease time 12h
Feb  5 00:14:50 fb daemon.info dnsmasq-tftp[4022]: TFTP root is /tftproot
Feb  5 00:14:50 fb daemon.info dnsmasq[4022]: using nameserver 8.8.4.4#53
Feb  5 00:14:50 fb daemon.info dnsmasq[4022]: using nameserver 8.8.8.8#53
Feb  5 00:14:50 fb daemon.info dnsmasq[4022]: read /etc/hosts - 23 addresses
Feb  5 00:14:50 fb daemon.info dnsmasq-dhcp[4022]: read /etc/ethers -
3 addresses

Feb  5 00:22:19 fb daemon.info dnsmasq[4022]: query[A] www.google.com
from 192.168.xx.20
Feb  5 00:22:19 fb daemon.info dnsmasq[4022]: forwarded www.google.com
to 8.8.8.8
Feb  5 00:22:19 fb daemon.info dnsmasq[4022]: validation result is INSECURE
Feb  5 00:22:19 fb daemon.info dnsmasq[4022]: reply www.google.com is
173.194.69.99
Feb  5 00:22:19 fb daemon.info dnsmasq[4022]: reply www.google.com is
173.194.69.103
Feb  5 00:22:19 fb daemon.info dnsmasq[4022]: reply www.google.com is
173.194.69.106
Feb  5 00:22:19 fb daemon.info dnsmasq[4022]: reply www.google.com is
173.194.69.147
Feb  5 00:22:19 fb daemon.info dnsmasq[4022]: reply www.google.com is
173.194.69.105
Feb  5 00:22:19 fb daemon.info dnsmasq[4022]: reply www.google.com is
173.194.69.104

Feb  5 00:22:58 fb daemon.info dnsmasq[4022]: query[A]
www.facebook.com from 192.168.xx.20
Feb  5 00:22:58 fb daemon.info dnsmasq[4022]: forwarded
www.facebook.com to 8.8.8.8
Feb  5 00:22:58 fb daemon.info dnsmasq[4022]: validation result is INSECURE
Feb  5 00:22:58 fb daemon.info dnsmasq[4022]: reply www.facebook.com is <CNAME>
Feb  5 00:22:58 fb daemon.info dnsmasq[4022]: reply
star.c10r.facebook.com is 31.13.81.49
Most zones (including those you use as examples) are not (yet) signed, so that's the expected result. 

Try

paypal.com
ietf.org
www.dnssec-failed.org

Cheers,

Simon.




_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Reply via email to