[gentoo-dev] bugs.gentoo.org and dnssec

Alon Bar-Lev Tue, 21 Apr 2015 10:28:16 -0700

Hi,

Not sure where the problem is... maybe others can reproduce this.


When using bugs.gentoo.org with dnsmasq and dnssec enabled, I cannot
access attachments.

The attachments are forwarded to a CNAME, for example:
---
546330.bugs.gentoo.org. 60      IN      CNAME   bugs-gossamer.gentoo.org.
bugs-gossamer.gentoo.org. 300   IN      CNAME   gannet.gentoo.org.
gannet.gentoo.org.      604800  IN      A       204.187.15.4
---

When trying to access without dnssec all is ok:
---
Apr 21 20:19:04 [dnsmasq] query[A] 546330.bugs.gentoo.org from 127.0.0.1
Apr 21 20:19:04 [dnsmasq] forwarded 546330.bugs.gentoo.org to 192.168.1.1
Apr 21 20:19:04 [dnsmasq] validation result is INSECURE
Apr 21 20:19:04 [dnsmasq] reply 546330.bugs.gentoo.org is <CNAME>
Apr 21 20:19:04 [dnsmasq] reply bugs-gossamer.gentoo.org is <CNAME>
Apr 21 20:19:04 [dnsmasq] reply gannet.gentoo.org is 204.187.15.4
---

When trying to access with dnssec, notice the "validation result is
BOGUS", no result is returned:
---
Apr 21 20:09:33 [dnsmasq] query[A] 546330.bugs.gentoo.org from 127.0.0.1
Apr 21 20:09:33 [dnsmasq] forwarded 546330.bugs.gentoo.org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DNSKEY] gentoo.org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DS] gentoo.org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DNSKEY] org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DS] org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DNSKEY] . to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] reply . is DNSKEY keytag 19036
Apr 21 20:09:33 [dnsmasq] reply . is DNSKEY keytag 48613
Apr 21 20:09:33 [dnsmasq] reply org is DS keytag 21366
                - Last output repeated twice -
Apr 21 20:09:33 [dnsmasq] reply org is DNSKEY keytag 3213
Apr 21 20:09:33 [dnsmasq] reply org is DNSKEY keytag 21366
Apr 21 20:09:33 [dnsmasq] reply org is DNSKEY keytag 9795
Apr 21 20:09:33 [dnsmasq] reply org is DNSKEY keytag 34023
Apr 21 20:09:33 [dnsmasq] reply gentoo.org is DS keytag 46873
                - Last output repeated twice -
Apr 21 20:09:33 [dnsmasq] reply gentoo.org is DNSKEY keytag 52980
Apr 21 20:09:33 [dnsmasq] reply gentoo.org is DNSKEY keytag 46873
Apr 21 20:09:33 [dnsmasq] validation result is BOGUS
Apr 21 20:09:33 [dnsmasq] reply 546330.bugs.gentoo.org is <CNAME>
Apr 21 20:09:33 [dnsmasq] reply bugs-gossamer.gentoo.org is <CNAME>
Apr 21 20:09:33 [dnsmasq] reply gannet.gentoo.org is 204.187.15.4
---

Maybe it is local issue of the dns I am using (I have no access to
it), but maybe there is a issue at infra.

Regards,
Alon Bar-Lev.

[gentoo-dev] bugs.gentoo.org and dnssec

Reply via email to