Hello, 

My name is Didier Trécherel, I'm a French student at Telecom SudParis. My
English may not be perfect, but I'll do my best.

I'm currently working on an implementation of the DNSSEC and DANE protocols in a
virtualized environment. (The VMs run Ubuntu desktop/server.)
Everything is working great, except your plugin DNSSEC/TLSA Validator, which
doesn't run as expected.

My DNS infrastructure allows my client to resolve the domain name
"www.my-bank.com.". I changed my plugin's preferences to use my own resolver,
but when I browse to "www.my-bank.com.", it informs me that the domain
name is not secured with DNSSEC:

+-------------------------------------------+ 
| Not secured with DNSSEC | 
| | 
| Nonexistence of the domain name www.my- | 
| bank.com can not be verified with DNSSEC. | 
+-------------------------------------------+ 

I launched Wireshark, and it seems that your plugin first contacts my
(virtualized) resolver, asking for the DNSKEY RRset several times, and then stops.
Then it uses the (real) root NSs, evading the virtualized environment (it shows
the same message as the one I get using my own PC).

I think that the plugin can't match the DNSKEY of my root server with its
root.key file, and thus asks again (6 times, it seems).
As it thinks it can't use my DNS infra, it contacts the real root NSs.

Is there a way to avoid this? 


Yours sincerely, 

Didier Trécherel 


PS: It seems there is a typo in the Windows version; the warning I got using
my own PC is "[...] www.my-bank.com. an not be verified [...]"