From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from emea01-db3-obe.outbound.protection.outlook.com (mail-db3on0094.outbound.protection.outlook.com [157.55.234.94]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "MSIT Machine Auth CA 2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 2D92721F56F for ; Sun, 7 Jun 2015 11:03:45 -0700 (PDT) Received: from AM2PR07MB0931.eurprd07.prod.outlook.com (25.162.37.139) by AM2PR07MB1025.eurprd07.prod.outlook.com (25.162.37.22) with Microsoft SMTP Server (TLS) id 15.1.172.22; Sun, 7 Jun 2015 18:03:41 +0000 Authentication-Results: lists.bufferbloat.net; dkim=none (message not signed) header.d=none; Received: from [IPv6:2001:470:183f:da2b::9b1c:6a15] (2001:470:183f:da2b::9b1c:6a15) by AM2PR07MB0931.eurprd07.prod.outlook.com (25.162.37.139) with Microsoft SMTP Server (TLS) id 15.1.172.22; Sun, 7 Jun 2015 18:03:41 +0000 Message-ID: <55748774.1000301@darbyshire-bryant.me.uk> Date: Sun, 7 Jun 2015 19:03:32 +0100 From: Kevin Darbyshire-Bryant User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: References: <4586744.SWlHNYxozs@orley> <5573714A.2070902@thekelleys.org.uk> <1912951.DO848rCvMM@orley> <55740697.8030400@thekelleys.org.uk> In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms080205050007000909070300" X-Originating-IP: [2001:470:183f:da2b::9b1c:6a15] X-ClientProxiedBy: HE1PR09CA0028.eurprd09.prod.outlook.com (25.162.19.38) To AM2PR07MB0931.eurprd07.prod.outlook.com (25.162.37.139) X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:; SRVR:AM2PR07MB0931; UriScan:; BCL:0; PCL:0; RULEID:; SRVR:AM2PR07MB1025; X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(5005006)(520003)(3002001); SRVR:AM2PR07MB0931; BCL:0; PCL:0; RULEID:; SRVR:AM2PR07MB0931; X-Forefront-PRVS: 0600F93FE1 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6009001)(2473001)(51704005)(377454003)(24454002)(479174004)(164054003)(512874002)(2950100001)(5890100001)(40100003)(15975445007)(4001350100001)(62966003)(189998001)(83506001)(87976001)(93886004)(19580395003)(19580405001)(84326002)(5001960100002)(107886002)(122386002)(110136002)(450100001)(77156002)(1720100001)(92566002)(86362001)(575784001)(65816999)(87266999)(54356999)(50986999)(76176999)(46102003)(74482002)(230783001)(42186005)(117636001)(568964001)(65806001)(65956001)(2351001)(36756003)(3826002)(62816006); DIR:OUT; SFP:1101; SCL:1; SRVR:AM2PR07MB0931; H:[IPv6:2001:470:183f:da2b::9b1c:6a15]; FPR:; SPF:None; MLV:sfv; LANG:en; X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Jun 2015 18:03:41.2444 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM2PR07MB0931 X-OriginatorOrg: darbyshire-bryant.me.uk Subject: Re: [Cerowrt-devel] Fwd: [Dnsmasq-discuss] dnssec-check-unsigned breaks linux.conf.au X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Jun 2015 18:04:14 -0000 --------------ms080205050007000909070300 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable It is 2.73rc9(!) and I submitted a patch to openwrt this morning to bump = to that version (then I submitted version 2 to sort out the line wrapping= ) There are a number of people hoping that a release is imminent but stuff = just keeps on being found. Stop testing & looking in dark corners you fools :-) On 07/06/15 18:51, Dave Taht wrote: > if I haven't already said this, anybody using dnssec in > cerowrt-3.10.50-1 should just disable it. > > The number of corner cases and bugs found and fixed in the last few > months on dnssec has been pretty amazing. dnsmasq-2.73 is now at rc9 I > think.... > > > ---------- Forwarded message ---------- > From: Simon Kelley > Date: Sun, Jun 7, 2015 at 1:53 AM > Subject: Re: [Dnsmasq-discuss] dnssec-check-unsigned breaks linux.conf.= au > To: dnsmasq-discuss@lists.thekelleys.org.uk > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 07/06/15 09:06, Karl-Johan Karlsson wrote: >> On Sat 06 Jun 2015 23.16.42 Simon Kelley wrote: >>> Turns out that this domain has a "weird" by valid use of NSEC3 >>> which broke dnsmasq's corner-case code. >>> >>> 2.73rc9 should fix it. >> Thanks, it looks like it works. >> >> > Good stuff. > > A longer explanation (using NSEC because it's easier to understand, > NSEC3, which was used in this case, has the same principle but it less > obvious to understand.) > > > An NSEC record is a signed record that proves no names exist in a > certain alphabetic range > > so > > apple.example.com NSEC cherry.example.com > > proves that > > bananna.example.com cannot exist. > > > If the next name is before the name of the NSEC, then it covers the > wrap-around region, so > > cherry.example.com NSEC apple.example.com > > proves there are no names after cherry, and no names before apple. > > > The tricky one is > > apple.example.com NSEC apple.example.com > > The obvious answer is that proves nothing, and that's what the dnsmasq > code calculated. In fact it's an instance of the wraparound case, and > proves that _only_ apple exists. > > It's fun stuff, this DNSSEC. > > > Simon. > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.22 (GNU/Linux) > > iQIcBAEBCAAGBQJVdAaXAAoJEBXN2mrhkTWi3ysP/3h6YWQWbNFTKDYLtaxmE6B/ > o85j+DKvgkfzGMAk8VKgh7gbVSuS174VFpjkrKFCHjjNkXiOidVIvLOcSAPWtBIq > 1IK/COZtnMzqpjxOrtkps/L7JJP1IQSiZdYwZFDuNK9c8N7TAqRpR83DPPJS5dVk > 5X+c/QY8Z7LGPaWW/tMGxxd9NakkCRy3Qs9OwCyxAWZXNDsz3hfH9zmw8Im8ptSD > P5RPCMoo9QPon5wsWdyr6kTTX73JPymvcJkNY/n8eIURNaPmaTFM589eQfO1xcFl > F7hj6pdXnzzrdZTdEqgHYbRUYbAJCPCW+DhfIjdfWmfIXVHwSDo+KB65Sv0lDouJ > aq6JFFy6cpKzZkEI2zXWw0WAVD4dHJqKe6ZcOiDG7zhUA9yr6j5WQDTZjgkM6fjz > CHatx+KD8AioKS5mnS6zw+8m5nfXFDrCJ5ufdTKU2EttifU0ruMuBapmvbmuRipQ > yvHMY7NfkHi46RScbah7FD5rybZP+1wEyDEGwfy89AWWkfWQ9TYCAt+tLojR8O5d > jK3YxIxpKHp11b670su+E6z/eG1tHIwxWNxXX5U3ETIv8k4a5xAUmyLluhede+yy > CA9wRufzbClKXbd+QkYobPNhid/VS2poMST0qeFa3yLvrr5je0KO0NFccBysk5jX > y+6wwmuCyz2txq3mGO52 > =3DAQKV > -----END PGP SIGNATURE----- > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > > --------------ms080205050007000909070300 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIINnDCC BjQwggQcoAMCAQICAR4wDQYJKoZIhvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoT DVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNp Z25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3 MTAyNDIxMDE1NVoXDTE3MTAyNDIxMDE1NVowgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1T dGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWdu aW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENs aWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcJg8zOLdgasSmkLhOr lr6KMoOMpohBllVHrdRvEg/q6r8jR+EK75xCGhR8ToREoqe7zM9/UnC6TS2y9UKTpT1v7RSM zR0t6ndl0TWBuUr/UXBhPk+Kmy7bI4yW4urC+y7P3/1/X7U8ocb8VpH/Clt+4iq7nirMcNh6 qJR+xjOhV+VHzQMALuGYn5KZmc1NbJQYclsGkDxDz2UbFqE2+6vIZoL+jb9x4Pa5gNf1TwSD kOkikZB1xtB4ZqtXThaABSONdfmv/Z1pua3FYxnCFmdr/+N2JLKutIxMYqQOJebr/f/h5t95 m4JgrM3Y/w7YX9d7YAL9jvN4SydHsU6n65cCAwEAAaOCAa0wggGpMA8GA1UdEwEB/wQFMAMB Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRTcu2SnODaywFcfH6WNU7y1LhRgjAfBgNV HSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jBmBggrBgEFBQcBAQRaMFgwJwYIKwYBBQUH MAGGG2h0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9jYTAtBggrBgEFBQcwAoYhaHR0cDovL3d3 dy5zdGFydHNzbC5jb20vc2ZzY2EuY3J0MFsGA1UdHwRUMFIwJ6AloCOGIWh0dHA6Ly93d3cu c3RhcnRzc2wuY29tL3Nmc2NhLmNybDAnoCWgI4YhaHR0cDovL2NybC5zdGFydHNzbC5jb20v c2ZzY2EuY3JsMIGABgNVHSAEeTB3MHUGCysGAQQBgbU3AQIBMGYwLgYIKwYBBQUHAgEWImh0 dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93 d3cuc3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwDQYJKoZIhvcNAQEFBQADggIBAAqD CH14qywGXLhjjF6uHLkjd02hcdh9hrw+VUsv+q1eeQWB21jWj3kJ96AUlPCoEGZ/ynJNScWy 6QMVQjbbMXltUfO4n4bGGdKo3awPWp61tjAFgraLJgDk+DsSvUD6EowjMTNx25GQgyYJ5RPI zKKR9tQW8gGK+2+RHxkUCTbYFnL6kl8Ch507rUdPPipJ9CgJFws3kDS3gOS5WFMxcjO5DwKf KSETEPrHh7p5shuuNktvsv6hxHTLhiMKX893gxdT3XLS9OKmCv87vkINQcNEcIIoFWbP9HOR z9v3vQwR4e3ksLc2JZOAFK+ssS5XMEoznzpihEP0PLc4dCBYjbvSD7kxgDwZ+Aj8Q9PkbvE9 sIPP7ON0fz095HdThKjiVJe6vofq+n6b1NBc8XdrQvBmunwxD5nvtTW4vtN6VY7mUCmxsCie uoBJ9OlqmsVWQvifIYf40dJPZkk9YgGTzWLpXDSfLSplbY2LL9C9U0ptvjcDjefLTvqSFc7t w1sEhF0n/qpA2r0GpvkLRDmcSwVyPvmjFBGqUp/pNy8ZuPGQmHwFi2/14+xeSUDG2bwnsYJQ G2EdJCB6luQ57GEnTA/yKZSTKI8dDQa8Sd3zfXb19mOgSF0bBdXbuKhEpuP9wirslFe6fQ1t 5j5R0xi72MZ8ikMu1RQZKCyDbMwazlHiMIIHYDCCBkigAwIBAgIDCm0/MA0GCSqGSIb3DQEB BQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20g Q2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0EwHhcNMTQwNzAzMTE1NjM5 WhcNMTUwNzA0MTc0MjQ1WjBxMRkwFwYDVQQNExA2dVNGb1pMU1d2dGgyd2tNMSYwJAYDVQQD DB1rZXZpbkBkYXJieXNoaXJlLWJyeWFudC5tZS51azEsMCoGCSqGSIb3DQEJARYda2V2aW5A ZGFyYnlzaGlyZS1icnlhbnQubWUudWswggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC AQDqCZMbkat9lukbtY+VQ4HBVkcHtcUU1sWZlg7foJ6XEQXCb3ArlyY7V+AldkNY6qRlrlVt YZmSFtDsors5e3Z1VWlEYBZEbnR57t5jmfGYmaaDzc8YsWr5gsUTa+MV/MNHpuAlf9GwgQCQ e7SC7kEzkQZApfB8/zG/a5JxgVXD9c3vK40p3OW27ZqVN9rie5SoLi1KEfQbA//VyPPeDpus oDwYGq6AA82lLFvgBxi1JPlS7M9zToUQCXpvDexQPiok1iqhwYBwX3qmSInlVWnudgaJ25iL m8/9bG5nCIo+dOEZP/bOCEsMzV8n9RaCNu8ilpjMXsHbkgrlvng81CTUFlYWhdMg58CM7N9y gSBjCKuHmJwQbIdsCmuKEOFVLZR8OZzoue6e/HAQlunWEfrr/H4+UYp8yTNLybqfcyZ3k7Sg i207jicY5dVKKFFY8eSB8Ps2svxj6BgrNPZMGzW36zRwaK1MpOZxHItCcuyXo+WkI3/61BZ5 mg34ejrgalQ04887n+4u3XPKnM/IwXfivlOD+n8bOOAGR8iZVlLTVmvypMdX3+wL/yB/w8g1 Ojj9Bk5/ksZb9Eh+3q1cVOOuXa/hcCLLqetNFzlxHjbVXzBKwO9pOs50DVxtv070KalD3iqz 8hCwnDt7odkGHwXyZAErmUSjc6tqVMivid/1swIDAQABo4IC4zCCAt8wCQYDVR0TBAIwADAL BgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBSg QyTrQHiayWJq77xyyu7kpPmJ2jAfBgNVHSMEGDAWgBRTcu2SnODaywFcfH6WNU7y1LhRgjAo BgNVHREEITAfgR1rZXZpbkBkYXJieXNoaXJlLWJyeWFudC5tZS51azCCAUwGA1UdIASCAUMw ggE/MIIBOwYLKwYBBAGBtTcBAgMwggEqMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3LnN0YXJ0 c3NsLmNvbS9wb2xpY3kucGRmMIH3BggrBgEFBQcCAjCB6jAnFiBTdGFydENvbSBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eTADAgEBGoG+VGhpcyBjZXJ0aWZpY2F0ZSB3YXMgaXNzdWVkIGFj Y29yZGluZyB0byB0aGUgQ2xhc3MgMSBWYWxpZGF0aW9uIHJlcXVpcmVtZW50cyBvZiB0aGUg U3RhcnRDb20gQ0EgcG9saWN5LCByZWxpYW5jZSBvbmx5IGZvciB0aGUgaW50ZW5kZWQgcHVy cG9zZSBpbiBjb21wbGlhbmNlIG9mIHRoZSByZWx5aW5nIHBhcnR5IG9ibGlnYXRpb25zLjA2 BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9jcnR1MS1jcmwuY3Js MIGOBggrBgEFBQcBAQSBgTB/MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcC5zdGFydHNzbC5j b20vc3ViL2NsYXNzMS9jbGllbnQvY2EwQgYIKwYBBQUHMAKGNmh0dHA6Ly9haWEuc3RhcnRz c2wuY29tL2NlcnRzL3N1Yi5jbGFzczEuY2xpZW50LmNhLmNydDAjBgNVHRIEHDAahhhodHRw Oi8vd3d3LnN0YXJ0c3NsLmNvbS8wDQYJKoZIhvcNAQEFBQADggEBAChYSPOI6HHjtB2zQSGb 7vqo2f/QAum648uoNCFXf/ZmpU42ca6hq/JqsugqbnCY72hNTpCh3JZwTTaBWBvj1vzjjMra pLixIvceaAqMj6vd+L43APuMMmTH9tUUNS1ksXdA2r6STVIbr4p2sbVV3WktLGFnNAy5uXbr mLHay5w6jcmSfTAh1aA49sSvp+8CB6q6uDef2j9X8OE9Ajr5l0mcnGdVOkLZU6Zq20G8jb3p sdqoO9MU5UbKfZCN4/ibr+/0Pj3VZIE3jCEW2DwguN6DIDAYVc6b7RFGf3cWadJrSa887Sc/ 9wzXymTKAyBvfgRQeWcZ+5w4RlOI/TmpNfwxggTdMIIE2QIBATCBlDCBjDELMAkGA1UEBhMC SUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENl cnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJ bnRlcm1lZGlhdGUgQ2xpZW50IENBAgMKbT8wCQYFKw4DAhoFAKCCAh0wGAYJKoZIhvcNAQkD MQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTUwNjA3MTgwMzMyWjAjBgkqhkiG9w0B CQQxFgQUQ6Lt75rxtpiHZd6lMUBGyLGPIg8wbAYJKoZIhvcNAQkPMV8wXTALBglghkgBZQME ASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0D AgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBpQYJKwYBBAGCNxAEMYGXMIGUMIGMMQsw CQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERp Z2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQ cmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAwptPzCBpwYLKoZIhvcNAQkQAgsxgZeg gZQwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJT ZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBD bGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQIDCm0/MA0GCSqGSIb3DQEB AQUABIICAHswi4nmklP4TwK2IdZy27Drelni+rMYFPgfH6DDw9jdpj8eGPKFA3zkxDBXyrrD wlfGPfK+SY2/6UL2lPa5baRtZrJ/L5G/KCogx2TN/LPNmD4je8xAUjAeH03+bylTxoUb3ohx inD17mjSAMnM8rZ1K4tTUJ5UFwo5IEB1At16Amc4xkwrKX35s8tZJOCOfiiLB6Xnbp8YGBdd K/FG4SXdZNuriyOG3UBmRyGGRHZPMZwRZwEtCBPOzOfsU19vrxp3Aw9MBYpdH+Z/tLNnTng2 bujrp6fXFXpSPdxtLdHOYepx6YOQhf2khDXvRj90QWEEJ1rwLo5ghwGsRbjdl0TtaY8SAO+U ThWpubTDStzruWlTPuBA0YhbvoGkWsinzWFVg+YAyTO1DyxYhNRqrQIdcq5viVCla1tQO+Aq ymouUEx65K8pSk4vgd1RO5mdlGct2BsWrbAYtOPTW/HxsQuimftpkPZ7Ag9dvhJ0VoEMucLa w1VAzl3mhQvEx3R2cC/PNMINMvFCuL0hFJgyzTa9ZTVQZ3Ylp4MHpXmndhyrEwiFpcC0p/PI Dzid1NFWeZMFURGlqDr7qnoz8u4mEVGMIs9AU7+voGxH2SD0N4ecQdDvljdVvlzzbwv+Fgok 6ls9GIc+hvMYGihLhgDSZ4pvziRmKJS8RyDO/19nUYOtAAAAAAAA --------------ms080205050007000909070300--