/dev/null
+++ b/src/isc.c
@@ -0,0 +1,251 @@
+/* dnsmasq is Copyright (c) 2014 John Volpe, Simon Kelley and
+ Michael Tremer
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Fou
Hello Simon,
thanks for your reply.
On Wed, 2014-07-30 at 22:24 +0100, Simon Kelley wrote:
> On 30/07/14 11:51, Michael Tremer wrote:
> > Hello fellow dnsmasq users,
> >
> > I am working on the free firewall distribution called IPFire
> > (www.ipfire.org) and
Hello list,
I think I might have some very similar problem here. It is not specific
to dnsmasq. The result is the same to what Conrad has reported.
When ever dnsmasq is running with DNSSEC enabled, I cannot resolve any
DNSSEC-enabled domain. Zones that do not have DNSSEC work as usual.
When trac
On Wed, 2014-08-20 at 19:54 +0100, Simon Kelley wrote:
> On 20/08/14 14:28, Michael Tremer wrote:
> > Hello list,
> >
> > I think I might have some very similar problem here. It is not specific
> > to dnsmasq. The result is the same to what Conrad has reported.
&g
Hello fellow dnsmasq users,
there is a topic on the IPFire support forums I would like to point you
to:
http://forum.ipfire.org/index.php?topic=11726.0
It appears that dnsmasq cannot verify resource records of a
DNSSEC-enabled domain. That domain uses RSA/SHA1-NSEC3-SHA1 for its
signatures. Al
; >> busy and traveling. Getting to where I have available time _and_
> >> a good cellphone signal is tricky, and I have a huge email
> >> backlog to crawl out from. I'll look at this as soon as I can.
> >>
> >>
> >> Cheers,
> >>
> >>
b/?p=dnsmasq.git;a=commit;h=094b5c3d904bae9aeb3206d9f3b8348926b84975
>
> would be a very likely candidate to fix the crash problem. If that
> doesn't do it it would be really good to find a way to reproduce the
> problem.
>
>
>
> Cheers,
>
> Simon.
>
> On 02/01/
, which would make tracing
> this sort of thing easier.
>
>
> Cheers,
>
>
> Simon.
>
>
> On 11/01/15 20:59, Michael Tremer wrote:
> > Hello Simon,
> >
> > unfortunately this does not seem to be it.
> >
> > I got one report back fro
Hello,
I am not sure if I am experiencing the same bug here or if it is
somewhat different.
When I try accessing some domains that use DNSSEC (like ipfire.org does,
but this applies to other as well), I sometimes get SERVFAIL. This
happens usually for bigger replies where fragmentation comes into
swer that doesn't trigger fallback to TCP,
> though with DNSSEC information included, the answer is 1244 bytes, so
> it _could_ trigger TCP on some links.
>
> It would be useful to test with 2.73rc7 Alon, if you can.
>
>
> Many thanks for the tests and info.
>
> C
Hello Simon,
hello list,
I was just wondering if someone has ever considered to support RFC5011
in dnsmasq:
https://tools.ietf.org/html/rfc5011
This will automatically update the trust anchor in case the KSK of the
root zone is replaced which will probably happen this year.
The implementation
the . zone? What if I use a
trust-anchor for my own zone? Shouldn't that one be updated, too? In
that case it is again better to check the running configuration of
dnsmasq and then perform an update for these, too (didn't check what
the RFC says about this).
Just my thoughts...
Best,
-Mi
12 matches
Mail list logo
