Hey Simon and list readers,
we are seeing an interesting report, first the log file:
Apr 21 19:00:01 dnsmasq[310194]: query[PTR] 1.1.0.10.in-addr.arpa from 127.0.0.1
Apr 21 19:00:01 dnsmasq[310194]: forwarded 1.1.0.10.in-addr.arpa to 10.0.1.1
Apr 21 19:00:01 dnsmasq[310194]: dnssec-query[DS] 10.in-addr.arpa to 8.8.4.4
Apr 21 19:00:01 dnsmasq[310194]: Insecure DS reply received for 10.in-addr.arpa, check domain configuration and upstream DNS server DNSSEC support
Apr 21 19:00:01 dnsmasq[310194]: reply 10.in-addr.arpa is BOGUS DS - not secure
Apr 21 19:00:01 dnsmasq[310194]: validation 1.1.0.10.in-addr.arpa is BOGUS
Relevant config lines are:
no-resolv
bogus-priv
server=8.8.8.8
server=8.8.4.4
rev-server=10.0.1.0/24,10.0.1.1
server=/fritz.box/10.0.1.1
dnssec
trust-anchor=.,<the default value>
In the context of bogus-priv - is it actually expected that
DNSSEC-related queries are sent to non-local servers? My interpretation
is that they shouldn't be sent upstream here...
Best,
Dominik
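
Added example (not part of the original message and not dnsmasq code): a Python check that scans dnsmasq log text for queries about RFC 1918 reverse zones going to a non-private server, as the DS query to 8.8.4.4 does in the log above. The sample log is constructed from the quoted lines plus one made-up line; the zone list and the function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: three lines from the quoted log plus one made-up line.
SAMPLE_LOG = """\
Apr 21 19:00:01 dnsmasq[310194]: query[PTR] 1.1.0.10.in-addr.arpa from 127.0.0.1
Apr 21 19:00:01 dnsmasq[310194]: forwarded 1.1.0.10.in-addr.arpa to 10.0.1.1
Apr 21 19:00:01 dnsmasq[310194]: dnssec-query[DS] 10.in-addr.arpa to 8.8.4.4
Apr 21 19:00:01 dnsmasq[310194]: dnssec-query[DNSKEY] example.org to 8.8.8.8
"""

# Matches "forwarded NAME to SERVER" and "dnssec-query[TYPE] NAME to SERVER".
LINE_RE = re.compile(
    r"dnsmasq\[\d+\]: (?P<kind>forwarded|dnssec-query\[\w+\]) "
    r"(?P<name>\S+) to (?P<server>\S+)$"
)

def private_reverse_zones():
    """RFC 1918 reverse zones only (assumption: may be narrower than bogus-priv)."""
    zones = {"10.in-addr.arpa", "168.192.in-addr.arpa"}
    zones.update(f"{n}.172.in-addr.arpa" for n in range(16, 32))
    return zones

def is_private_reverse(name, zones):
    """True if name is one of the zones or a name below one of them."""
    name = name.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in zones)

def find_leaks(log_text):
    """Return (kind, name, server) for private reverse names sent to public servers."""
    zones = private_reverse_zones()
    leaks = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or not is_private_reverse(m["name"], zones):
            continue
        try:
            # Drop an optional "#port" suffix before parsing the address.
            server = ipaddress.ip_address(m["server"].split("#")[0])
        except ValueError:
            continue  # upstream not logged as an IP literal
        if not server.is_private:
            leaks.append((m["kind"], m["name"], m["server"]))
    return leaks

if __name__ == "__main__":
    for kind, name, server in find_leaks(SAMPLE_LOG):
        print(f"{kind} {name} -> {server}")
```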