* Simon Kelley
> I just pushed
>
> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=fef2f1c75eba56b7355cbe729e4362474d558aa4
>
> Which makes the following changes:
>
> 1) No longer fail to validate a reply proving that a DS record doesn't
> exist if RRs in the auth section other the
On 29/08/2019 17:53, Tore Anderson wrote:
> Hi Simon,
>
>> Now, it's certainly possible to verify that the DS record doesn't exist
>> without relying on the data in the SOA record. BUT there is a problem:
>> having determined securely that the DS record doesn't exist, dnsmasq
>> caches that
Hi Simon,
> Now, it's certainly possible to verify that the DS record doesn't exist
> without relying on the data in the SOA record. BUT there is a problem:
> having determined securely that the DS record doesn't exist, dnsmasq
> caches that information, and it uses data from the SOA record to
>
On 24/08/2019 18:47, Tore Anderson wrote:
> Some more information:
>
>> When the bug occurs, the error «Insecure DS reply received, do upstream DNS
>> servers support DNSSEC?» is logged.
>
> I think that the problem might be caused by this query in frames 7-8 of the
> PCAP:
>
> 7
