[Cerowrt-devel] Fwd: [Dnsmasq-discuss] Testers wanted: DNSSEC.
Toke Høiland-Jørgensen
toke at toke.dk
Wed Feb 5 12:10:25 EST 2014
Toke Høiland-Jørgensen <toke at toke.dk> writes:
> Can add it to my bufferbloat OBS :)
Right, so packages available for Arch, Debian 7 and Ubuntu 12.04, 12.10
and 13.10 are available from here:
https://build.opensuse.org/project/repositories/home:tohojo:dnsmasq
For some reason, signature verification is failing for me on the Arch
repo.
Also, installed it on my workstation, and it seems to do *something* at
least. Running with --log-queries I get output like this:
dnsmasq[19525]: dnssec-query[DNSKEY] tohojo.dk to 127.0.0.1
dnsmasq[19525]: dnssec-query[DNSKEY] tohojo.dk to 127.0.0.1
dnsmasq[19525]: dnssec-query[DS] tohojo.dk to 127.0.0.1
dnsmasq[19525]: dnssec-query[DS] tohojo.dk to 127.0.0.1
dnsmasq[19525]: reply tohojo.dk is DS keytag 49471
dnsmasq[19525]: reply tohojo.dk is DNSKEY keytag 30141
dnsmasq[19525]: reply tohojo.dk is DNSKEY keytag 49471
dnsmasq[19525]: validation result is SECURE
(I'm still running BIND on localhost on a different port which is why
it's forwarded to there...)
And sometimes there's also lines saying
dnsmasq[19525]: validation result is INSECURE
but mostly from in-addr.arpa and other places that I wouldn't expect to
be verified.
Finally there's a bunch of queries that don't say anything about dnssec
anywhere.
Oh, and --dnssec-debug doesn't seem to do anything.
-Toke
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20140205/34fb20d2/attachment.sig>
More information about the Cerowrt-devel
mailing list