I experienced that problem myself, posted about it on the mailing list a few days ago. At least it happens on my domain that has both a SHA-1 AND 256 hash. I'm experiencing it with the version currently shipped in the current stable OpenWRT version.
So you're not alone there. Too bad my other post was unacknowledged so far :/ ~ Simon On October 21, 2014 3:11:10 PM CEST, Michael Tremer <michael.tre...@ipfire.org> wrote: > > Hello fellow dnsmasq users, > > there is a topic on the IPFire support forums I would like to point you > to: > > http://forum.ipfire.org/index.php?topic=11726.0 > > It appears that dnsmasq cannot verify resource records of a > DNSSEC-enabled domain. That domain uses RSA/SHA1-NSEC3-SHA1 for its > signatures. Although there is some code in dnsmasq that is supposed to > handle this, it does not verify the records correctly. > > Did anyone else experience this problem? Is it a bug with dnsmasq or the > authoritative name servers of that domain? > > Best, > -Michael > > ________________________________ > > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
