---------- Forwarded message ---------- From: Toke Høiland-Jørgensen <t...@toke.dk> Date: Wed, Feb 5, 2014 at 12:10 PM Subject: Re: [Cerowrt-devel] Fwd: [Dnsmasq-discuss] Testers wanted: DNSSEC. To: Dave Taht <dave.t...@gmail.com> Cc: "cerowrt-de...@lists.bufferbloat.net" <cerowrt-de...@lists.bufferbloat.net>
Toke Høiland-Jørgensen <t...@toke.dk> writes: > Can add it to my bufferbloat OBS :) Right, so packages available for Arch, Debian 7 and Ubuntu 12.04, 12.10 and 13.10 are available from here: https://build.opensuse.org/project/repositories/home:tohojo:dnsmasq For some reason, signature verification is failing for me on the Arch repo. Also, installed it on my workstation, and it seems to do *something* at least. Running with --log-queries I get output like this: dnsmasq[19525]: dnssec-query[DNSKEY] tohojo.dk to 127.0.0.1 dnsmasq[19525]: dnssec-query[DNSKEY] tohojo.dk to 127.0.0.1 dnsmasq[19525]: dnssec-query[DS] tohojo.dk to 127.0.0.1 dnsmasq[19525]: dnssec-query[DS] tohojo.dk to 127.0.0.1 dnsmasq[19525]: reply tohojo.dk is DS keytag 49471 dnsmasq[19525]: reply tohojo.dk is DNSKEY keytag 30141 dnsmasq[19525]: reply tohojo.dk is DNSKEY keytag 49471 dnsmasq[19525]: validation result is SECURE (I'm still running BIND on localhost on a different port which is why it's forwarded to there...) And sometimes there's also lines saying dnsmasq[19525]: validation result is INSECURE but mostly from in-addr.arpa and other places that I wouldn't expect to be verified. Finally there's a bunch of queries that don't say anything about dnssec anywhere. Oh, and --dnssec-debug doesn't seem to do anything. -Toke -- Dave Täht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
signature.asc
Description: PGP signature
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss