Le dimanche 14 juin 2015 19:44:14, vous avez écrit :
Hi,
On Sun, Jun 14, 2015 at 9:06 AM, Stéphane Guedon steph...@22decembre.eu
wrote:
Le vendredi 12 juin 2015, 13:16:09 Maciej Soltysiak a écrit :
A user on my service, who has dnssec-check-unsigned enabled gets an
unsigned response
Le dimanche 14 juin 2015 19:44:14, vous avez écrit :
Hi,
On Sun, Jun 14, 2015 at 9:06 AM, Stéphane Guedon steph...@22decembre.eu
wrote:
Le vendredi 12 juin 2015, 13:16:09 Maciej Soltysiak a écrit :
A user on my service, who has dnssec-check-unsigned enabled gets an
unsigned response
Le vendredi 12 juin 2015, 13:16:09 Maciej Soltysiak a écrit :
I think I have discovered what the problem is and it's unlikely to be
dnsmasq.
What I do is that I have a setup which is basically a split horizon:
- users who are not on the service get A record for using.dnscrypt from a
DNSSEC
Hi,
On Sun, Jun 14, 2015 at 9:06 AM, Stéphane Guedon steph...@22decembre.eu
wrote:
Le vendredi 12 juin 2015, 13:16:09 Maciej Soltysiak a écrit :
A user on my service, who has dnssec-check-unsigned enabled gets an
unsigned response from a signed zone and the intended reaction of dnsmasq
On Fri, Jun 12, 2015 at 10:18 PM, Simon Kelley si...@thekelleys.org.uk
wrote:
On 12/06/15 12:16, Maciej Soltysiak wrote:
I think I have discovered what the problem is and it's unlikely to be
dnsmasq.
Without doing an exhaustive analysis (I've done too many DNSSEC
post-mortems recently)
Hi,
One of my users raised an issue that using.dnscrypt.pl does not resolve
when dnssec-check-unsigned is turned on.
I replicated the issue with most recent openwrt Chaos Calmer package:
dnsmasq-full.
When dnssec and trust anhcor are set and dnssec-check-unsigned is as well,
dnsmasq says BOGUS
I think I have discovered what the problem is and it's unlikely to be
dnsmasq.
What I do is that I have a setup which is basically a split horizon:
- users who are not on the service get A record for using.dnscrypt from a
DNSSEC signed zone
- users who are on the service get *a different* A
On 12/06/15 12:16, Maciej Soltysiak wrote:
I think I have discovered what the problem is and it's unlikely to be
dnsmasq.
What I do is that I have a setup which is basically a split horizon:
- users who are not on the service get A record for using.dnscrypt from a
DNSSEC signed zone
-