From mboxrd@z Thu Jan 1 00:00:00 1970 From: "R. W. Rodolico" To: development@lists.ipfire.org Subject: Re: RSA/SHA1-NSEC3-SHA1 signature bug? Date: Wed, 22 Oct 2014 00:58:31 -0500 Message-ID: <54474787.5010508@dailydata.net> In-Reply-To: <1413897070.15920.102.camel@rice-oxley.tremer.info> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7844005401584895741==" List-Id: --===============7844005401584895741== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Ignore my previous e-mail. My problem is not related. It appears to be an issue with setup not reading/writing /var/ipfire/dns/settings.something. I'm trying to track it down. Rod On 10/21/2014 08:11 AM, Michael Tremer wrote: > Hello fellow dnsmasq users, > > there is a topic on the IPFire support forums I would like to point you > to: > > http://forum.ipfire.org/index.php?topic=11726.0 > > It appears that dnsmasq cannot verify resource records of a > DNSSEC-enabled domain. That domain uses RSA/SHA1-NSEC3-SHA1 for its > signatures. Although there is some code in dnsmasq that is supposed to > handle this, it does not verify the records correctly. > > Did anyone else experience this problem? Is it a bug with dnsmasq or the > authoritative name servers of that domain? > > Best, > -Michael > > > > _______________________________________________ > Development mailing list > Development(a)lists.ipfire.org > http://lists.ipfire.org/mailman/listinfo/development > -- "Rod" Rodolico Daily Data, Inc. POB 140465 Dallas TX 75214-0465 214.827.2170 http://www.dailydata.net --===============7844005401584895741==--