Public bug reported:

Binary package hint: dnsutils

I'm trying to validate my DNSSEC zone signatures using dig. To do this
I need to use the +sigchase flag to dig. When I do so, this is what I
see:

toccata% dig +sigchase +dnssec DS fugue.se.
Invalid option: +sigchase
Usage:  dig [EMAIL PROTECTED] [domain] [q-type] [q-class] {q-opt}
            {global-d-opt} host [EMAIL PROTECTED] {local-d-opt}
            [ host [EMAIL PROTECTED] {local-d-opt} [...]]

Use "dig -h" (or "dig -h | more") for complete list of options
toccata% 

I think what's going on here is that dig has not been compiled with the
-DDIG_SIGCHASE option.

Given all the excitement recently with Dan Kaminsky's DNS bug, I think
the ability to check DNSSEC signatures is now a requirement, not
something that should be optional. Dig is a debugging tool for DNS
administrators, and in order for us to debug our DNSSEC installations,
we need dig to be able to verify signatures.

toccata% lsb_release -rd
Description:    Ubuntu 8.04.1
Release:        8.04
toccata% apt-cache policy dnsutils
dnsutils:
  Installed: 1:9.4.2-10ubuntu0.1
  Candidate: 1:9.4.2-10ubuntu0.1
  Version table:
 *** 1:9.4.2-10ubuntu0.1 0
        500 http://us.archive.ubuntu.com hardy-updates/main Packages
        500 http://security.ubuntu.com hardy-security/main Packages
        100 /var/lib/dpkg/status
     1:9.4.2-10 0
        500 http://us.archive.ubuntu.com hardy/main Packages
toccata%

** Affects: bind9 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
dig compiled without -DDIG_SIGCHASE!
https://bugs.launchpad.net/bugs/257682
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in ubuntu.
