Re: [Dnsmasq-discuss] Testers wanted: DNSSEC.

2014-02-05 Thread Simon Kelley
On 04/02/14 23:31, Eugene Rudoy wrote: Hi Simon, hmm, doesn't work for me yet. *All* replies are considered to be INSECURE. Feb 5 00:14:50 fb daemon.info dnsmasq[4022]: started, version 2.69test6 cachesize 256 Feb 5 00:14:50 fb daemon.info dnsmasq[4022]: compile time options: no-IPv6

Re: [Dnsmasq-discuss] Testers wanted: DNSSEC.

2014-02-05 Thread Simon Kelley
On 05/02/14 01:36, Matthias Andree wrote: Am 04.02.2014 16:29, schrieb Simon Kelley: DNSSEC in dnsmasq is a long story. There have been requests for the feature for at least five years, and work was started in earnest two years ago, when Giovanni Bajo got much of the way on validation, and I

Re: [Dnsmasq-discuss] Testers wanted: DNSSEC.

2014-02-05 Thread Matthias Andree
Am 05.02.2014 09:46, schrieb Simon Kelley: The second answer comes from the cache, and the D0 bit is not set in the query, so the answer doesn't have the AD flag or RRSIG, if you add +dnssec to the dig command you should see both in replies from the cache, Thank you. You are right, that part

Re: [Dnsmasq-discuss] DHCPv6 and MAC

2014-02-05 Thread Martin Babutzka
Hi Simon, Its exciting to hear that future DNSmasq versions can combine DHCPv6 with MAC adresses. We ran into the same problem with our provisioning system but I found a simple workaround which might be interesting for DNSmasq users with DHCPv6 who dont want to work with the most bleeding edge

[Dnsmasq-discuss] Fwd: [Cerowrt-devel] Fwd: Testers wanted: DNSSEC.

2014-02-05 Thread Dave Taht
-- Forwarded message -- From: Toke Høiland-Jørgensen t...@toke.dk Date: Wed, Feb 5, 2014 at 12:10 PM Subject: Re: [Cerowrt-devel] Fwd: [Dnsmasq-discuss] Testers wanted: DNSSEC. To: Dave Taht dave.t...@gmail.com Cc: cerowrt-de...@lists.bufferbloat.net

Re: [Dnsmasq-discuss] Testers wanted: DNSSEC.

2014-02-05 Thread Eugene Rudoy
Hi Simon, On Wed, Feb 5, 2014 at 9:39 AM, Simon Kelley si...@thekelleys.org.uk wrote: Most zones (including those you use as examples) are not (yet) signed, so that's the expected result. Try paypal.com ietf.org www.dnssec-failed.org hmm, tried all above, still INSECURE Feb 6