Re: [Dnsmasq-discuss] Testers wanted: DNSSEC.

2014-02-07 Thread Simon Kelley
On 07/02/14 08:21, Jan-Piet Mens wrote: Answering my previous question, this behaviour is specified in RFC 6840 para 5.7. Code changes to implement it are in git now. Have they been comitted? ;-) No visible change here ... Ooops. Try now.

Re: [Dnsmasq-discuss] Testers wanted: DNSSEC.

2014-02-07 Thread Matthias Andree
Am 07.02.2014 09:24, schrieb Simon Kelley: On 07/02/14 08:21, Jan-Piet Mens wrote: Answering my previous question, this behaviour is specified in RFC 6840 para 5.7. Code changes to implement it are in git now. Have they been comitted? ;-) No visible change here ... Ooops. Try now.

Re: [Dnsmasq-discuss] Testers wanted: DNSSEC.

2014-02-07 Thread Matthias Andree
Am 07.02.2014 09:24, schrieb Simon Kelley: On 07/02/14 08:21, Jan-Piet Mens wrote: Answering my previous question, this behaviour is specified in RFC 6840 para 5.7. Code changes to implement it are in git now. Have they been comitted? ;-) No visible change here ... Ooops. Try now.

Re: [Dnsmasq-discuss] Testers wanted: DNSSEC.

2014-02-07 Thread Jan-Piet Mens
Ooops. Try now. Very nice, Simon; looks good to me. -JP ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] Testers wanted: DNSSEC.

2014-02-07 Thread Jan-Piet Mens
I moved forward to test7, and now the FIRST query (the one shipping the RRSIG and other additional stuff) lacks the AD flag, subsequent responses carry it. I cannot confirm that. The first query sets the AD flag (and returns an RRSIG in the response), and subsequent queries also set AD flag

Re: [Dnsmasq-discuss] Testers wanted: DNSSEC.

2014-02-07 Thread Matthias Andree
Am 07.02.2014 09:45, schrieb Matthias Andree: Am 07.02.2014 09:24, schrieb Simon Kelley: On 07/02/14 08:21, Jan-Piet Mens wrote: Answering my previous question, this behaviour is specified in RFC 6840 para 5.7. Code changes to implement it are in git now. Have they been comitted? ;-) No

Re: [Dnsmasq-discuss] Testers wanted: DNSSEC.

2014-02-07 Thread Simon Kelley
On 07/02/14 09:25, Jan-Piet Mens wrote: So scrap this report for now, we should check, however, if dnsmasq forwarding to a second instance of itself works properly. :) It does! :-) Many thanks all for your thorough testing. I appreciate it! Simon. -JP

[Dnsmasq-discuss] DNSCrypt - the big picture

2014-02-07 Thread Lonnie Abelbeck
DNS Gurus, With all the excellent work on DNSSEC, I'd like to get this list's thoughts on the merits of using DNSCrypt. http://dnscrypt.org/ I cross-compiled dnscrypt-proxy 1.3.3 together with libsodium 0.4.5 from source, and it works splendidly with our beloved dnsmasq. FYI, I started

Re: [Dnsmasq-discuss] DNSCrypt - the big picture

2014-02-07 Thread Lonnie Abelbeck
On Feb 7, 2014, at 7:15 AM, Maciej Soltysiak wrote: On Fri, Feb 7, 2014 at 1:42 PM, Lonnie Abelbeck li...@lonnie.abelbeck.com wrote: I admit is is nice to know that no-one is silently altering DNS queries/responses in transit to a trusted DNS server, but is that being overly paranoid ?

Re: [Dnsmasq-discuss] DNSCrypt - the big picture

2014-02-07 Thread Maciej Soltysiak
On Fri, Feb 7, 2014 at 2:55 PM, Lonnie Abelbeck li...@lonnie.abelbeck.com wrote: On Feb 7, 2014, at 7:15 AM, Maciej Soltysiak wrote: On Fri, Feb 7, 2014 at 1:42 PM, Lonnie Abelbeck li...@lonnie.abelbeck.com wrote: I admit is is nice to know that no-one is silently altering DNS