From: Toke Høiland-Jørgensen
To: Dave Taht
Cc: "cerowrt-devel@lists.bufferbloat.net"
Subject: Re: [Cerowrt-devel] Fwd: [Dnsmasq-discuss] Testers wanted: DNSSEC.
Date: Wed, 05 Feb 2014 18:10:25 +0100
Message-ID: <87ob2lmqny.fsf@toke.dk>
In-Reply-To: <87a9e6xcae.fsf@alrua-x1.kau.toke.dk>
List-Id: Development issues regarding the cerowrt test router project

Toke Høiland-Jørgensen writes:

> Can add it to my bufferbloat OBS :)

Right, so packages available for Arch, Debian 7 and Ubuntu 12.04, 12.10
and 13.10 are available from here:
https://build.opensuse.org/project/repositories/home:tohojo:dnsmasq

For some reason, signature verification is failing for me on the Arch
repo.

Also, installed it on my workstation, and it seems to do *something* at
least. Running with --log-queries I get output like this:

dnsmasq[19525]: dnssec-query[DNSKEY] tohojo.dk to 127.0.0.1
dnsmasq[19525]: dnssec-query[DNSKEY] tohojo.dk to 127.0.0.1
dnsmasq[19525]: dnssec-query[DS] tohojo.dk to 127.0.0.1
dnsmasq[19525]: dnssec-query[DS] tohojo.dk to 127.0.0.1
dnsmasq[19525]: reply tohojo.dk is DS keytag 49471
dnsmasq[19525]: reply tohojo.dk is DNSKEY keytag 30141
dnsmasq[19525]: reply tohojo.dk is DNSKEY keytag 49471
dnsmasq[19525]: validation result is SECURE

(I'm still running BIND on localhost on a different port which is why
it's forwarded to there...)

And sometimes there's also lines saying

dnsmasq[19525]: validation result is INSECURE

but mostly from in-addr.arpa and other places that I wouldn't expect to
be verified.

Finally there's a bunch of queries that don't say anything about dnssec
anywhere.

Oh, and --dnssec-debug doesn't seem to do anything.

-Toke