Hi,
Have that since last year with possibility to reenable with HAVE_DNS build-time
define:
https://github.com/themiron/dnsmasq/commit/5a1a8bc039561455677e825194f470219093aaf6.patch
Also, GOST is obsolete and GOST2012 is not standardized yet. This helps to turn
it off by default:
https://github.com/themiron/dnsmasq/commit/a9ef96041fd0b594b662cbcb1a9b475844a4a5ab.patch
p.s Please ignore ctypto-openssl.c part, it's not part of official dnsmasq
source.
Best Regards, Vladislav Grishenko
-Original Message-
From: Dnsmasq-discuss On
Behalf Of Loganaden Velvindron
Sent: Monday, February 24, 2020 12:08 PM
To: dnsmasq-discuss@lists.thekelleys.org.uk
Subject: [Dnsmasq-discuss] Remove DSA-NSEC3-SHA1 & DSA DNSSEC algorithm as this
is set to status MUST NOT implement in RFC 8624
Google might mangle the patch. Feedback welcomed.
RFC 8624 Section 3.1 (https://www.rfc-editor.org/rfc/rfc8624.txt )says:
3 | DSA| MUST NOT| MUST NOT
6 | DSA-NSEC3-SHA1 | MUST NOT| MUST NOT
I've added them on this gh repo:
1) Remove DSA-NSEC3-SHA1 DNSSEC algorithm as this is set to status MUST NOT
implement in RFC 8624:
https://raw.githubusercontent.com/cyberstormdotmu/dnsmasq_dnssec_patches/master/0001-Remove-DSA-NSEC3-SHA1-DNSSEC-algorithm-as-this-is-se.patch
2) Remove DSA DNSSEC algorithm as this is set to status MUST NOT implement in
RFC 8624:
https://github.com/cyberstormdotmu/dnsmasq_dnssec_patches/blob/master/0002-Remove-DSA-DNSSEC-algorithm-as-this-is-set-to-status.patch
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss