Hi, I am wondering if it is possible to use dnsmasq to store SSHFP records and then make use of them when using ssh with the VerifyHostKeyDNS=yes option.
I'm able to get the SSHFP into dnsmasq making use of dns-rr, but when I run ssh I get told that the fingerprint is insecure. I know if I were using bind I would be required to generate a ZSK and a KSK and sign the zone. I was wondering if there was an analogous process for dnsmasq. It's looking to me like this may be possible by adding more dns-rr records, but it's unclear to me what I need to add, I expect at a minimum DNSKEY and RRSIG. Thanks for any help you can provide.
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasqemail@example.com http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss