From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail2.tohojo.dk (mail2.tohojo.dk [IPv6:2a01:4f8:200:3141::101]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by huchra.bufferbloat.net (Postfix) with ESMTPS id 038F721F1BF for ; Thu, 6 Feb 2014 05:43:02 -0800 (PST) X-Virus-Scanned: amavisd-new at example.com Received: by alrua-kau.localdomain (Postfix, from userid 1000) id 803DA47FDD; Thu, 6 Feb 2014 14:42:52 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toke.dk; s=201310; t=1391694173; bh=Nnn0NHD41kXdVNe7fYW6PD9WXy6CJbp1MVzDK8FZvWc=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=FAxSeZ5AaA4f7Fgc1s5AZ0Eth3bkWtAKWEuozOeZLjGCj2CQ2/wwuhpyvZF5JitG+ ZHPdvoY3BWC7WeojZ1Lf6MZhLfzV441g9CjQKlKbzH+ZnrWXMaxpz7hu4OTl9s6GA2 75mRqUvif37oRVoapm/UFUjaCVb+MYhBmlxQTTdI= From: =?utf-8?Q?Toke_H=C3=B8iland-J=C3=B8rgensen?= To: Simon Kelley References: <87a9e6xcae.fsf@alrua-x1.kau.toke.dk> <87ob2lmqny.fsf@toke.dk> <52F29645.6010001@thekelleys.org.uk> <874n4dwcdb.fsf@alrua-x1.kau.toke.dk> <52F2BA80.9010202@thekelleys.org.uk> <87iossvgw4.fsf@alrua-x1.kau.toke.dk> <52F369AA.5060809@thekelleys.org.uk> <8761osv78r.fsf@alrua-x1.kau.toke.dk> <52F371B3.5030406@thekelleys.org.uk> Date: Thu, 06 Feb 2014 14:42:49 +0100 In-Reply-To: <52F371B3.5030406@thekelleys.org.uk> (Simon Kelley's message of "Thu, 06 Feb 2014 11:27:47 +0000") Message-ID: <87bnykmk6e.fsf@toke.dk> Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Cc: cerowrt-devel@lists.bufferbloat.net Subject: Re: [Cerowrt-devel] Fwd: [Dnsmasq-discuss] Testers wanted: DNSSEC. X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Feb 2014 13:43:02 -0000 --=-=-= Content-Type: text/plain Simon Kelley writes: > Otherwise, just the usual stuff, crashes, infinite loops, wrong answers. > "internal error" log entries. Right, another data point: got an invalid signature: dnsmasq[21893]: query[A] www.tcpdump.org from 127.0.0.1 dnsmasq[21893]: forwarded www.tcpdump.org to 127.0.0.1 dnsmasq[21893]: validation result is BOGUS dnsmasq[21893]: reply www.tcpdump.org is 69.4.231.52 dnsmasq[21893]: reply www.tcpdump.org is 132.213.238.6 Seems to be correct, though: $ dig +trace +dnssec +sigchase www.tcpdump.org ...snip... ;; WE HAVE MATERIAL, WE NOW DO VALIDATION ;; VERIFYING A RRset for www.tcpdump.org. with DNSKEY:20163: RRSIG has expired ;; No DNSKEY is valid to check the RRSIG of the RRset: FAILED Turning on dnssec-debug also "helps": $ host www.tcpdump.org www.tcpdump.org has address 69.4.231.52 www.tcpdump.org has address 132.213.238.6 www.tcpdump.org has RRSIG record A 5 3 60 20131226232352 20131126222352 20163 tcpdump.org. iyzWHZ5I6wkK6uZrmNg22SZnP2JKHN1LSE9Vo+PE3J1tbA9cPcVlas3v O8PtAGjzjP/TnGRaBSbni+Bwr6GJMRT1+S1Fw1aBCeTyioRmDPP0WS48 K6WULn5Mf35KNqzpHb+1YcvP2MeSp5oMVv3uFUjONlt7RqPHVTgfnR1L zy8= www.tcpdump.org has IPv6 address 2607:f0d0:3001:62:1::52 www.tcpdump.org has IPv6 address 2001:4830:116e:2::6 www.tcpdump.org has RRSIG record AAAA 5 3 60 20131226232352 20131126222352 20163 tcpdump.org. L71XIeQLyVmZf4eXbBvefojm8qYhc/xAXR3S28pKBdeUgXl1DfePO8Il lUZhAXowKAw8H1529AglgW8HGAiJGwzoVefYz+GnZCg2N6AWoYM4gxve XwPtCDx51FAKkINkMX1XGqUIIX6Bq26RPcth0JSVCA+Fy+29ZxeitN36 sBk= -Toke --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBCAAGBQJS85FZAAoJEENeEGz1+utPh8EH/iNixrfOailo02SOxP4mknzI gCoknU32A0T1DRgwcoo1H9PsUIHBvqvnT5VCI/nGtYb15qCyJ9eJVr7kzeeqQihE 6w0aijpN+XNbU3Is1VqzxmC50tsKo2zilSIJjKiHciaL++Jl4KjktPBJwzNagLLW LgMW3CHre+g/0jm53qh8JPIOG4eVnlpicRTEaZ554Dp2JFxl9xv5fuWxj1oVGq8Z xFXMhs/6nP3RBM+1PCbXL6SNEdFhArXc3YtuOmChf39dt2gFtKT1gim3o/s5dXb4 wo3fpqgjWfl80wojbY321Q7pNF/z/IXdeekxJR/DOPrvErC9dl4Lyk+idKypw2w= =QKWX -----END PGP SIGNATURE----- --=-=-=--