On 07/02/14 08:21, Jan-Piet Mens wrote:
Answering my previous question, this behaviour is specified in RFC
6840 para 5.7. Code changes to implement it are in git now.
Have they been comitted? ;-) No visible change here ...
Ooops. Try now.
Am 07.02.2014 09:24, schrieb Simon Kelley:
On 07/02/14 08:21, Jan-Piet Mens wrote:
Answering my previous question, this behaviour is specified in RFC
6840 para 5.7. Code changes to implement it are in git now.
Have they been comitted? ;-) No visible change here ...
Ooops. Try now.
Am 07.02.2014 09:24, schrieb Simon Kelley:
On 07/02/14 08:21, Jan-Piet Mens wrote:
Answering my previous question, this behaviour is specified in RFC
6840 para 5.7. Code changes to implement it are in git now.
Have they been comitted? ;-) No visible change here ...
Ooops. Try now.
Ooops. Try now.
Very nice, Simon; looks good to me.
-JP
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
I moved forward to test7, and now the FIRST query (the one shipping the
RRSIG and other additional stuff) lacks the AD flag, subsequent
responses carry it.
I cannot confirm that. The first query sets the AD flag (and returns an
RRSIG in the response), and subsequent queries also set AD flag
Am 07.02.2014 09:45, schrieb Matthias Andree:
Am 07.02.2014 09:24, schrieb Simon Kelley:
On 07/02/14 08:21, Jan-Piet Mens wrote:
Answering my previous question, this behaviour is specified in RFC
6840 para 5.7. Code changes to implement it are in git now.
Have they been comitted? ;-) No
On 07/02/14 09:25, Jan-Piet Mens wrote:
So scrap this report for now, we should check, however, if dnsmasq
forwarding to a second instance of itself works properly. :)
It does! :-)
Many thanks all for your thorough testing. I appreciate it!
Simon.
-JP
1. I am getting different results on two subsequent identical queries
WRT RRSIG record and AD flag.
The second answer comes from the cache, and the D0 bit is not set in
the query, so the answer doesn't have the AD flag or RRSIG, if you
add +dnssec to the dig command you should see both in
I compiled 2.69test6 on armv5tel (linksys 4200v2 running debian) using
dpkg-buildpackage.
dnsmasq crashes on the first received query with *** stack smashing
detected ***: /usr/sbin/dnsmasq terminated
Recompiled with CFLAGS=-g and started under gdb. Output follows
root@pms28:~/dev# gdb
On 05/02/14 23:35, Eugene Rudoy wrote:
Hi Simon,
On Thu, Feb 6, 2014 at 12:23 AM, Eugene Rudoy gene.de...@gmail.com wrote:
hmm, tried all above, still INSECURE
--dnssec-debug doesn't make log more verbose or provide any additional
information. Is it the expected behavior?
It does two
On 05/02/14 23:23, Eugene Rudoy wrote:
Hi Simon,
On Wed, Feb 5, 2014 at 9:39 AM, Simon Kelley si...@thekelleys.org.uk wrote:
Most zones (including those you use as examples) are not (yet) signed, so
that's the expected result.
Try
paypal.com
ietf.org
www.dnssec-failed.org
hmm, tried all
On 06/02/14 10:17, Henk Jan Agteresch wrote:
I compiled 2.69test6 on armv5tel (linksys 4200v2 running debian) using
dpkg-buildpackage.
dnsmasq crashes on the first received query with *** stack smashing
detected ***: /usr/sbin/dnsmasq terminated
Recompiled with CFLAGS=-g and started under gdb.
On 06/02/14 08:15, Jan-Piet Mens wrote:
1. I am getting different results on two subsequent identical queries
WRT RRSIG record and AD flag.
The second answer comes from the cache, and the D0 bit is not set in
the query, so the answer doesn't have the AD flag or RRSIG, if you
add +dnssec to
On 05/02/14 08:58, Matthias Andree wrote:
Am 05.02.2014 09:46, schrieb Simon Kelley:
The second answer comes from the cache, and the D0 bit is not set in the
query, so the answer doesn't have the AD flag or RRSIG, if you add
+dnssec to the dig command you should see both in replies from the
OK, I can reproduce this on the Beaglebone. Investigation in progress...
Cheers,
Simon.
On 06/02/14 10:17, Henk Jan Agteresch wrote:
I compiled 2.69test6 on armv5tel (linksys 4200v2 running debian) using
dpkg-buildpackage.
dnsmasq crashes on the first received query with *** stack
On 06/02/14 10:17, Henk Jan Agteresch wrote:
I compiled 2.69test6 on armv5tel (linksys 4200v2 running debian) using
dpkg-buildpackage.
dnsmasq crashes on the first received query with *** stack smashing
detected ***: /usr/sbin/dnsmasq terminated
Fixed code in 2.69test for from git pull.
It
On 06/02/14 08:15, Jan-Piet Mens wrote:
1. I am getting different results on two subsequent identical queries
WRT RRSIG record and AD flag.
The second answer comes from the cache, and the D0 bit is not set in
the query, so the answer doesn't have the AD flag or RRSIG, if you
add +dnssec to
On Thu, 06 Feb 2014, Simon Kelley wrote:
On 06/02/14 10:17, Henk Jan Agteresch wrote:
I compiled 2.69test6 on armv5tel (linksys 4200v2 running debian) using
dpkg-buildpackage.
dnsmasq crashes on the first received query with *** stack smashing
detected ***: /usr/sbin/dnsmasq terminated
On 04/02/14 23:31, Eugene Rudoy wrote:
Hi Simon,
hmm, doesn't work for me yet. *All* replies are considered to be INSECURE.
Feb 5 00:14:50 fb daemon.info dnsmasq[4022]: started, version
2.69test6 cachesize 256
Feb 5 00:14:50 fb daemon.info dnsmasq[4022]: compile time options:
no-IPv6
On 05/02/14 01:36, Matthias Andree wrote:
Am 04.02.2014 16:29, schrieb Simon Kelley:
DNSSEC in dnsmasq is a long story. There have been requests for the
feature for at least five years, and work was started in earnest two
years ago, when Giovanni Bajo got much of the way on validation, and I
Hi Simon,
On Wed, Feb 5, 2014 at 9:39 AM, Simon Kelley si...@thekelleys.org.uk wrote:
Most zones (including those you use as examples) are not (yet) signed, so
that's the expected result.
Try
paypal.com
ietf.org
www.dnssec-failed.org
hmm, tried all above, still INSECURE
Feb 6
Hi Simon,
hmm, doesn't work for me yet. *All* replies are considered to be INSECURE.
Feb 5 00:14:50 fb daemon.info dnsmasq[4022]: started, version
2.69test6 cachesize 256
Feb 5 00:14:50 fb daemon.info dnsmasq[4022]: compile time options:
no-IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6
Am 04.02.2014 16:29, schrieb Simon Kelley:
DNSSEC in dnsmasq is a long story. There have been requests for the
feature for at least five years, and work was started in earnest two
years ago, when Giovanni Bajo got much of the way on validation, and I
made the necessary changes to the cache
23 matches
Mail list logo