Shouldn't this report be closed or at least tagged as fixed in stretch?
signature.asc
Description: This is a digitally signed message part.
Package: dnsmasq
Version: 2.72-3+deb8u1
Severity: normal
Hello,
I've noticed that Debian Jessie still contains the version of dnsmasq which
incorrectly returns
SERVFAIL for _all_ zones signed by ECDSA. This bug was fixed in upstream by
Thank you for you fast response.
Sounds like it isn't fixable in jessie :/.
I solved the problem with apt pinning for me.
It isn't the nicest solution but it works.
I don't think so many people uses DNSSEC
but I think it would be good to have a warning in the config file that
ECDSA isn't
Package: dnsmasq
Version: 2.75-1
Followup-For: Bug #805596
I have a similar problem. If I enable dnssec feature in dnsmasq, name
resolving service is unreliable. Sometimes, it works. While other times
(like when after a swssup/resume) it fails completely.
A simple dig results it:
I suspect that the proximate cause of this is lack of support for the
ECDSA ciphersuite in 2.72. As you pointed out, this works OK in 2.75.
2.72 was a very early release for DNSSEC in dnsmasq, and there have been
many changes and fixes between 2.72 and 2.75. Backporting so many
changes is not
Package: dnsmasq
Version: 2.72-3+deb8u1
Severity: normal
Dear Maintainer,
Since cloudflare.com changed to dnssec dnsmasq can't resolve any domain
which is hosted by them.
I can easyly reproduce this issue if I create a blank debian jessie (I
used docker), install dnsmasq and enable dnssec as in
6 matches
Mail list logo
