I am wondering if it is possible to use dnsmasq to store SSHFP records and
then make use of them when using ssh with the VerifyHostKeyDNS=yes option.

I'm able to get the SSHFP into dnsmasq making use of dns-rr, but when I run
ssh I get told that the fingerprint is insecure. I know if I were using
BIND I would be required to generate a ZSK and a KSK and sign the zone. I
was wondering if there was an analogous process for dnsmasq. It's looking
to me like this may be possible by adding more dns-rr records, but it's
unclear to me what I need to add; I expect at a minimum DNSKEY and RRSIG.

Thanks for any help you can provide.
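
An added example, not part of the original message and not dnsmasq's own code: encoding an SSHFP record (RR type 44) as the hex data that a dns-rr line carries. The host name host.example and the key are constructed sample values; it covers only the record encoding, not DNSSEC signing.

```python
import base64
import hashlib
import struct

SSHFP_RRTYPE = 44  # SSHFP RR type number (RFC 4255)
# SSHFP algorithm numbers: RFC 4255, RFC 6594, RFC 7479
KEY_ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
                  "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
                  "ssh-ed25519": 4}
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}  # SSHFP fingerprint types


def sshfp_rdata(pubkey_line, fp_type=2):
    """RDATA (algorithm, fp type, digest) for one line of an OpenSSH .pub file."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] not in KEY_ALGORITHMS:
        raise ValueError("expected '<known-key-type> <base64-blob> [comment]'")
    if fp_type not in FP_TYPES:
        raise ValueError("fingerprint type must be 1 (SHA-1) or 2 (SHA-256)")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob starts with a length-prefixed copy of the key type; a mismatch
    # means the line was edited or truncated, so refuse to fingerprint it.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match key blob")
    digest = FP_TYPES[fp_type](blob).digest()
    return bytes([KEY_ALGORITHMS[key_type], fp_type]) + digest


def dnsmasq_dns_rr(hostname, pubkey_line, fp_type=2):
    """Format the record as a dnsmasq line: dns-rr=<name>,<RR-number>,<hex data>."""
    rdata = sshfp_rdata(pubkey_line, fp_type)
    return "dns-rr=%s,%d,%s" % (hostname, SSHFP_RRTYPE, rdata.hex())


def constructed_ed25519_pubkey():
    """Constructed sample key (bytes 0..31), not a real host key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(range(32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"


if __name__ == "__main__":
    print(dnsmasq_dns_rr("host.example", constructed_ed25519_pubkey()))
```

The hex data should match the algorithm, type and fingerprint fields that `ssh-keygen -r` prints for the same key.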
