Re: [Dnsmasq-discuss] dnsmasq and sshfp records

2012-05-28 Thread Simon Kelley
On 27/05/12 20:20, Gerd Koenig wrote: Hi, On 25 May 2012 16:11, Simon Kelley wrote: On 25/05/12 12:14, Jan-Piet Mens wrote: relaxing the hex parsing to make colons and leading zeros optional gets the possibility of something that's almost an natural encoding in this case, and may be generall

Re: [Dnsmasq-discuss] dnsmasq and sshfp records

2012-05-28 Thread Simon Kelley
On 27/05/12 20:20, Gerd Koenig wrote: > Hi, > > On 25 May 2012 16:11, Simon Kelley > wrote: > > On 25/05/12 12:14, Jan-Piet Mens wrote: > >> relaxing the hex parsing to make colons and leading zeros > optional gets > >> the possibility of something

Re: [Dnsmasq-discuss] dnsmasq and sshfp records

2012-05-27 Thread Gerd Koenig
Hi, On 25 May 2012 16:11, Simon Kelley wrote: > On 25/05/12 12:14, Jan-Piet Mens wrote: > >> relaxing the hex parsing to make colons and leading zeros optional gets > >> the possibility of something that's almost an natural encoding in this > >> case, and may be generally useful if less easy to

Re: [Dnsmasq-discuss] dnsmasq and sshfp records

2012-05-25 Thread Simon Kelley
On 25/05/12 12:14, Jan-Piet Mens wrote: >> relaxing the hex parsing to make colons and leading zeros optional gets >> the possibility of something that's almost an natural encoding in this >> case, and may be generally useful if less easy to use. >> >> dns-rr=44,2:1:123456789abcdef67890123456789abc

Re: [Dnsmasq-discuss] dnsmasq and sshfp records

2012-05-25 Thread Jan-Piet Mens
> relaxing the hex parsing to make colons and leading zeros optional gets > the possibility of something that's almost an natural encoding in this > case, and may be generally useful if less easy to use. > > dns-rr=44,2:1:123456789abcdef67890123456789abcdef67890 > > Opinions? Go for it! I recom

Re: [Dnsmasq-discuss] dnsmasq and sshfp records

2012-05-25 Thread Simon Kelley
On 24/05/12 19:17, Jan-Piet Mens wrote: >> keys as "SSHFP-Record"s, so that I'm able to call via <> user@remotehost-o "VerifyHostKeyDNS=yes">> and get a result line like >> "Matching host key >> fingerprint found in DNS". > > This may or not be painful, if you're not using DNSSEC. (You may like to

Re: [Dnsmasq-discuss] dnsmasq and sshfp records

2012-05-24 Thread Gerd Koenig
Hi JP, thanks for your response. I'll work through the discussion and dive into dnssec. Interesting topic I didn't get in touch... br...: Gerd :... On 24 May 2012 20:17, Jan-Piet Mens wrote: > > keys as "SSHFP-Record"s, so that I'm able to call via < > user@remotehost-o "VerifyHostKeyDNS=yes"

Re: [Dnsmasq-discuss] dnsmasq and sshfp records

2012-05-24 Thread Jan-Piet Mens
> keys as "SSHFP-Record"s, so that I'm able to call via < user@remotehost-o "VerifyHostKeyDNS=yes">> and get a result line like > "Matching host key > fingerprint found in DNS". This may or not be painful, if you're not using DNSSEC. (You may like to glance at a discussion, and the comments, at [1

Re: [Dnsmasq-discuss] dnsmasq and sshfp records

2012-05-24 Thread Gerd Koenig
Hi Richard, thanks for answering Yes, it is possible to add both lines as a TXT-Record, but this is not what I really want ;-) . In the end I want to be able to establish a ssh connection to a remote host and its public key should be offered by DNS. Therefore I have to add the keys as "SSHFP-

Re: [Dnsmasq-discuss] dnsmasq and sshfp records

2012-05-24 Thread richardvo...@gmail.com
dnsmasq doesn't use zone files. You can try with txt-record= (see the man page for details) On Thu, May 24, 2012 at 5:44 AM, Gerd Koenig wrote: > Hi List, > > I'm currently looking for a solution to provide ssh-keys via DNS. Seems like > sshfp records will solve this issue ... so far so good. >

[Dnsmasq-discuss] dnsmasq and sshfp records

2012-05-24 Thread Gerd Koenig
Hi List, I'm currently looking for a solution to provide ssh-keys via DNS. Seems like sshfp records will solve this issue ... so far so good. Since we are using dnsmasq as dns/dhcp/pxe-server I wanted to ask how to put the generated sshfp records into dnsmasq ??? After searching for a while I got