Package: racoon
Version: 1:0.8.0-12
Severity: normal
Tags: upstream
Dear Maintainer,
Re racoon.conf 'peers_certfile dnssec'
On looking at the code for this option, which is little used yet, the daemon
does not set the RES_USE_DNSSEC or RES_USE_EDNS0 in src/racoon/dnssec.c
Ssh had to be compiled with this option for DNSSEC SSHFP checking to work.
See Debian bug #569592
There is the option to link racoon/ipsec-tools against lwres, and from the look
of the code, it looks like NetBSD has RES_USE_DNSSEC from resolv.h turned on..
Will create patch to fix, as I am interested in using this option.
This code is little used yet, as DNSSEC is only just starting to spread. From
the looks of it, I believe most client DNS resolvers are buggy in this area.
Thus, I have classified this with priority normal.
Regards,
Matthew Grant (myself)
*** Please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
*** End of the template - remove these lines ***
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages racoon depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.44
ii ipsec-tools 1:0.8.0-12
ii libc6 2.13-33
ii libcomerr2 1.42.4-3
ii libgssapi-krb5-2 1.10.1+dfsg-1
ii libk5crypto3 1.10.1+dfsg-1
ii libkrb5-3 1.10.1+dfsg-1
ii libldap-2.4-2 2.4.31-1
ii libpam0g 1.1.3-7.1
ii libssl1.0.0 1.0.1c-3
ii perl 5.14.2-12
racoon recommends no packages.
racoon suggests no packages.
-- Configuration Files:
/etc/racoon/psk.txt [Errno 13] Permission denied: u'/etc/racoon/psk.txt'
/etc/racoon/racoon-tool.conf changed [not included]
-- debconf information excluded
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]