From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: RSA/SHA1-NSEC3-SHA1 signature bug? Date: Wed, 22 Oct 2014 14:01:29 +0200 Message-ID: <1413979289.15920.135.camel@rice-oxley.tremer.info> In-Reply-To: <54474787.5010508@dailydata.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============9209405823967714037==" List-Id: --===============9209405823967714037== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Hey, there could be something wrong with your firewall rules which don't allow the firewall to access the DNS servers. This must be port 53 UDP and TCP. You could also check if dnsmasq is still alive and not crashing... Best, -Michael On Wed, 2014-10-22 at 00:58 -0500, R. W. Rodolico wrote: > Ignore my previous e-mail. My problem is not related. It appears to be > an issue with setup not reading/writing > /var/ipfire/dns/settings.something. I'm trying to track it down. > > Rod > > On 10/21/2014 08:11 AM, Michael Tremer wrote: > > Hello fellow dnsmasq users, > > > > there is a topic on the IPFire support forums I would like to point you > > to: > > > > http://forum.ipfire.org/index.php?topic=11726.0 > > > > It appears that dnsmasq cannot verify resource records of a > > DNSSEC-enabled domain. That domain uses RSA/SHA1-NSEC3-SHA1 for its > > signatures. Although there is some code in dnsmasq that is supposed to > > handle this, it does not verify the records correctly. > > > > Did anyone else experience this problem? Is it a bug with dnsmasq or the > > authoritative name servers of that domain? > > > > Best, > > -Michael > > > > > > > > _______________________________________________ > > Development mailing list > > Development(a)lists.ipfire.org > > http://lists.ipfire.org/mailman/listinfo/development > > > --===============9209405823967714037== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjIKCmlRSWNCQUFC Q2dBR0JRSlVSNXlaQUFvSkVJQjU4UDl2a0FrSDArOFAvMUZRbkpQNUxQclhCWitERDBoUWFJR0kK UmpQSlhZTTdwcEIyYklTbXZ5dzNKcTNyanNqNm1ra2ZFbEdNS3JKQjVKdExEc1NTUHNubldYOVdz bkVla25qQwpYeEtsWGt4RzQrR0ltVjY3MUV5Q2NIdWVOK0YyMlVGckNYaHdVSmMvYTJEY2RwakRv azlBbTZucVFSVThYMzc0Cmp6VzhZaWg4NzFZV1J0d2JOMmVQTDI3aW1nTkxSK1pSKzNuUWNQeVNZ MWR2RzhKRWhPeWdkMjhMZDdkTUJwRjMKamlIK0VmZERJMW9qS0w5Vy8vSUVsSHVJZytRNlJGWHU5 S29EUFJyaWkyMzlqeWYzY1pzci9iKzRPMUJHYjhqZAo5UzNlRnYyb0ljakJGZktYK2NvMVk0Z3kr Uk13d0NaS2VXd0hEZlZock1laXc2OTNJeXNxL0paY1ZRNSttenhUCmQyUlZKK3ZTOThZclRNOFRQ MFNLTnhrUFEvS1M3SXNDSmRjQ01rcm9oUTRHck16NTJBZ05sVGlTM2JIeUFnRnYKblVCZ1plMkxF VlZhVmpXQ1VjV3RVc2NMZ3FlZWYyeGhoR1QxNE9CZjAyKzExQUxxMk9lNEFXajNiOWs4c3ppUwps dXRUd3BPQWhMaDRIVEMvRDBSaUxXZVdPMHhVYjAxdlFSTDloM0wreUpQa24wWmF6cTVwN1ZpVWdO VVNDcDhKCkQwdFRLZCtOZCtLS2pPN0ROaFZua2FBN3Q0enFzODh4OFFvaFY0eU1XNnRnYkJ1U2NO U2tGQnpZNWdvdkI3WkwKOENOMzJkOVlSL3RGSUtlZ1FDa0NUV2h4cDQrNkxqVHNQWG9BSDNYR25N SDBBang5RGZtQkpzeDJPOGpnNGttbQpKWWdMMmJLNHF2QlZlWXlxWGN1NQo9ZmpZdQotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============9209405823967714037==--