Hi again again, I realised it was even easier than that. This time I am done and going to bed though, so no more spam from me (at least tonight anyway).
This time I actually fixed an issue with my simplified version in so much as it was able to circumvent the unsigned check of the parent from the target of the CNAME if the CNAME came after the A record in the response, which was bad. This stops that from happening, which is good. It does require the CNAME to come before the A record, but I think that’s required in the standard anyway? If it doesn’t, well then at least it’s better than it was before. Once again, please see previous for reasoning behind the patch. Thanks, Chris.
dnssec.patch
Description: Binary data
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
