From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: RSA/SHA1-NSEC3-SHA1 signature bug?
Date: Tue, 21 Oct 2014 15:11:10 +0200
Message-ID: <1413897070.15920.102.camel@rice-oxley.tremer.info>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1929379380529335061=="
List-Id: <development.lists.ipfire.org>

--===============1929379380529335061==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Hello fellow dnsmasq users,

there is a topic on the IPFire support forums I would like to point you
to:

  http://forum.ipfire.org/index.php?topic=11726.0

It appears that dnsmasq cannot verify resource records of a
DNSSEC-enabled domain. That domain uses RSA/SHA1-NSEC3-SHA1 for its
signatures. Although there is some code in dnsmasq that is supposed to
handle this, it does not verify the records correctly.

Did anyone else experience this problem? Is it a bug with dnsmasq or the
authoritative name servers of that domain?

Best,
-Michael

--===============1929379380529335061==
Content-Type: application/pgp-signature
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="signature.asc"
MIME-Version: 1.0

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjIKCmlRSWNCQUFC
Q2dBR0JRSlVSbHR1QUFvSkVJQjU4UDl2a0FrSEZnTVAvaUZlTW1vVnE2RGl6VTYrY3BDQkkwQ3MK
bTBNaDJmQUxFby9TcmN0dEpHNU11WlRTUzhzb0x6cmNiblAwYm1YTE1pQWJtQW0yT2xnb0ZMTjhI
Skd6S1dpSgpla0tGRGNXSVNVbWhWTS9ORFVycTRsMkNvZVZyZVJLQ1R1VHZVb2t3RkZJeC9tclow
b3ZiUVNscGtjYURKRGYxCis4UkREMnFsb2F3UXphUlFxYkV4SnNBQ0k0Qy9iUERNU0gzL0NWUFly
dXNyRlVRdDAyOTZrcGhaMHNsdVMvL2kKMXl3WENjUWVueElCRGJDQjNJL2phZHhNMkRiWkJrSk1U
WjZUSUxleEMyN090UDMybVNqeTN6SEdLL2lSd2piZApBM2dUZ0owN1JrNnk0bTFzSGZQaVgvUTZn
UmcxVVdPTGI4Q1hzcTdWYzVqTWpvc20rZkhSY2dkR2JZQjZBeHY5CkEzTWQ1cHc3UEhFWUova0tk
elpmNCtCRWkwM2Jvd1YySUxheVRKSXZ6QXdxZ2VsRzhtQ3lKNFpIU3h5NThCalUKMEd5dS9CWUZF
K3FHMGRuM1U0M3NkZVJZSEFiOUR2Zm15SDQ1MzFVZyt2WkV3dFBZa0FISkpXRzhTSHppMmg3TAp6
dWp6blh6THIwV1hQZG9Qc2piSDVEeWlDNGlnZGE0cmpWOUtmdC9sdWFwQjN6bllRRjhJWWdpWE9U
ZEtZeEVDCkpKRm80eEtWN20rRG5CeUdSbEFVUGJINkdtN0pRM0FmamIyTFRrTElHRXVrcWJDdUxH
TmVpWDZXRU5XLzVIeWMKUzB1M3NBamhKUVl1eXVrcjNRbEpKVGZJdEEyZ3hNdjk5d0swTlVicDA5
MEpNNFk3WDhnekFLMEtmS3dDNmxEVgpjT1VKT25qTkM1WEdmbEszait2ZQo9OUpyegotLS0tLUVO
RCBQR1AgU0lHTkFUVVJFLS0tLS0K

--===============1929379380529335061==--