[Cerowrt-devel] Fwd: [Dnsmasq-discuss] Testers wanted: DNSSEC.
Toke Høiland-Jørgensen
toke at toke.dk
Tue Feb 11 09:01:09 EST 2014
Simon Kelley <simon at thekelleys.org.uk> writes:
> I've just pushed a load of changes to git, and tagged 2.69test8
Built and installed on my cerowrt box, and seems to work beautifully:
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: query[A] files.toke.dk from 10.42.0.7
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: forwarded files.toke.dk to 213.80.98.3
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: forwarded files.toke.dk to 213.80.98.2
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: dnssec-query[DNSKEY] toke.dk to 213.80.98.2
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: dnssec-query[DS] toke.dk to 213.80.98.2
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: dnssec-query[DNSKEY] dk to 213.80.98.2
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: dnssec-query[DS] dk to 213.80.98.2
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: dnssec-query[DNSKEY] . to 213.80.98.2
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: reply . is DNSKEY keytag 33655
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: reply . is DNSKEY keytag 19036
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: reply dk is DS keytag 26887
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: reply dk is DNSKEY keytag 61294
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: reply dk is DNSKEY keytag 31369
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: reply dk is DNSKEY keytag 26887
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: reply dk is DNSKEY keytag 7665
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: reply toke.dk is DS keytag 65122
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: reply toke.dk is DNSKEY keytag 22551
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: reply toke.dk is DNSKEY keytag 65122
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: dnssec-query[DNSKEY] tohojo.dk to 213.80.98.2
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: dnssec-query[DS] tohojo.dk to 213.80.98.2
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: reply tohojo.dk is DS keytag 49471
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: reply tohojo.dk is DNSKEY keytag 49471
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: reply tohojo.dk is DNSKEY keytag 30141
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: validation result is SECURE
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: reply files.toke.dk is <CNAME>
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: reply web2.tohojo.dk is 144.76.141.113
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: query[AAAA] files.toke.dk from 10.42.0.7
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: cached files.toke.dk is <CNAME>
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: forwarded files.toke.dk to 213.80.98.2
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: validation result is SECURE
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: reply files.toke.dk is <CNAME>
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: reply web2.tohojo.dk is 2a01:4f8:200:3141::102
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: query[MX] files.toke.dk from 10.42.0.7
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: forwarded files.toke.dk to 213.80.98.2
Tue Feb 11 14:44:38 2014 daemon.info dnsmasq[6162]: validation result is SECURE
As for client-side tests:
$ dig +sigchase files.toke.dk @10.42.0.8
...snip...
Launch a query to find a RRset of type DS for zone: .
;; NO ANSWERS: no more
;; WARNING There is no DS for the zone: .
;; WE HAVE MATERIAL, WE NOW DO VALIDATION
;; VERIFYING DS RRset for dk. with DNSKEY:33655: success
;; OK We found DNSKEY (or more) to validate the RRset
;; Ok, find a Trusted Key in the DNSKEY RRset: 19036
;; VERIFYING DNSKEY RRset for . with DNSKEY:19036: success
;; Ok this DNSKEY is a Trusted Key, DNSSEC validation is ok: SUCCESS
I've also updated the x86 builds on OBS:
https://build.opensuse.org/package/repositories/home:tohojo:dnsmasq/dnsmasq
-Toke
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20140211/debca030/attachment.sig>
More information about the Cerowrt-devel
mailing list