For some reason, subsequent DNS queries do not always bring the same
result here with the above configuration:
First queries after a reboot return what's expected:
nicolas@nicolas-desktop:~ 0 $ dig www.dnssec-failed.org
; <<>> DiG 9.9.5-11ubuntu1.1-Ubuntu <<>> www.dnssec-failed.org
;; global opt
On Wily, I edited /etc/dnsmasq.d/network-manager and added the following
lines:
# DNSSEC setup
dnssec
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
dnssec-check-unsigned
I then restarted network-manager and tried to connect to
http://www.dnssec-failed.
Does anyone have instructions for how to configure this by hand on a
desktop Ubuntu vivid or wily installation?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/995332
Title:
Do NOT use DNSSEC-proxy function of Dnsmasq. The validation is done on a
resolver in the internet. Any attacker can use a Man-In-The-Middle
attack between the DNSSEC-resolver in the internet and Dnsmasq to
manipulate the DNSSEC data. Proxying the DO-/AD-bit lulls the user into
a FALSE sense of secu
Dnsmasq supports validating DNSSEC since version 2.69; bugs have been
fixed since version 2.71.
Please update Ubuntu packages to 2.71 and compile with DNSSEC support
(see http://www.thekelleys.org.uk/dnsmasq/CHANGELOG)!