Gentoo Archives: gentoo-dev

From: Alon Bar-Lev <alonbl@g.o>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] bugs.gentoo.org and dnssec
Date: Tue, 21 Apr 2015 17:27:34
Message-Id: CAOazyz3fwV4hmO3ZAKuSZ9fdFPdBjF6u2R286KkxVJihfXWZ3A@mail.gmail.com
Hi,

Not sure where the problem is... maybe others can reproduce this.

When using bugs.gentoo.org with dnsmasq and dnssec enabled, I cannot
access attachments.

The attachments are forwarded to a CNAME, for example:
---
546330.bugs.gentoo.org. 60 IN CNAME bugs-gossamer.gentoo.org.
bugs-gossamer.gentoo.org. 300 IN CNAME gannet.gentoo.org.
gannet.gentoo.org. 604800 IN A 204.187.15.4
---

When trying to access without dnssec all is ok:
---
Apr 21 20:19:04 [dnsmasq] query[A] 546330.bugs.gentoo.org from 127.0.0.1
Apr 21 20:19:04 [dnsmasq] forwarded 546330.bugs.gentoo.org to 192.168.1.1
Apr 21 20:19:04 [dnsmasq] validation result is INSECURE
Apr 21 20:19:04 [dnsmasq] reply 546330.bugs.gentoo.org is <CNAME>
Apr 21 20:19:04 [dnsmasq] reply bugs-gossamer.gentoo.org is <CNAME>
Apr 21 20:19:04 [dnsmasq] reply gannet.gentoo.org is 204.187.15.4
---

When trying to access with dnssec, notice the "validation result is
BOGUS", no result is returned:
---
Apr 21 20:09:33 [dnsmasq] query[A] 546330.bugs.gentoo.org from 127.0.0.1
Apr 21 20:09:33 [dnsmasq] forwarded 546330.bugs.gentoo.org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DNSKEY] gentoo.org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DS] gentoo.org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DNSKEY] org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DS] org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DNSKEY] . to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] reply . is DNSKEY keytag 19036
Apr 21 20:09:33 [dnsmasq] reply . is DNSKEY keytag 48613
Apr 21 20:09:33 [dnsmasq] reply org is DS keytag 21366
- Last output repeated twice -
Apr 21 20:09:33 [dnsmasq] reply org is DNSKEY keytag 3213
Apr 21 20:09:33 [dnsmasq] reply org is DNSKEY keytag 21366
Apr 21 20:09:33 [dnsmasq] reply org is DNSKEY keytag 9795
Apr 21 20:09:33 [dnsmasq] reply org is DNSKEY keytag 34023
Apr 21 20:09:33 [dnsmasq] reply gentoo.org is DS keytag 46873
- Last output repeated twice -
Apr 21 20:09:33 [dnsmasq] reply gentoo.org is DNSKEY keytag 52980
Apr 21 20:09:33 [dnsmasq] reply gentoo.org is DNSKEY keytag 46873
Apr 21 20:09:33 [dnsmasq] validation result is BOGUS
Apr 21 20:09:33 [dnsmasq] reply 546330.bugs.gentoo.org is <CNAME>
Apr 21 20:09:33 [dnsmasq] reply bugs-gossamer.gentoo.org is <CNAME>
Apr 21 20:09:33 [dnsmasq] reply gannet.gentoo.org is 204.187.15.4
---

Maybe it is a local issue of the dns I am using (I have no access to
it), but maybe there is an issue at infra.

Regards,
Alon Bar-Lev.
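
An added example, not part of the original message: a small parser for the dnsmasq log format quoted above that groups lines per client query, picks out the queries whose validation result is BOGUS, and checks whether each logged DS key tag has a DNSKEY with the same tag in its zone. The function names and the assumption that queries are logged one at a time (not interleaved) are this example's own; a matching key tag is a necessary condition for a valid chain, not a sufficient one.

```python
import re

# Condensed excerpt of the dnsmasq log lines quoted in the message above.
SAMPLE_LOG = """\
Apr 21 20:19:04 [dnsmasq] query[A] 546330.bugs.gentoo.org from 127.0.0.1
Apr 21 20:19:04 [dnsmasq] forwarded 546330.bugs.gentoo.org to 192.168.1.1
Apr 21 20:19:04 [dnsmasq] validation result is INSECURE
Apr 21 20:09:33 [dnsmasq] query[A] 546330.bugs.gentoo.org from 127.0.0.1
Apr 21 20:09:33 [dnsmasq] forwarded 546330.bugs.gentoo.org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] reply org is DS keytag 21366
Apr 21 20:09:33 [dnsmasq] reply org is DNSKEY keytag 21366
Apr 21 20:09:33 [dnsmasq] reply gentoo.org is DS keytag 46873
Apr 21 20:09:33 [dnsmasq] reply gentoo.org is DNSKEY keytag 46873
Apr 21 20:09:33 [dnsmasq] validation result is BOGUS
"""

QUERY = re.compile(r"\[dnsmasq\] query\[(\w+)\] (\S+) from ")
FORWARD = re.compile(r"\[dnsmasq\] forwarded \S+ to (\S+)")
KEY = re.compile(r"\[dnsmasq\] reply (\S+) is (DS|DNSKEY) keytag (\d+)")
RESULT = re.compile(r"\[dnsmasq\] validation result is (\w+)")

def parse(log):
    """Group lines into one record per client query (assumes no interleaving)."""
    records = []
    for line in log.splitlines():
        if m := QUERY.search(line):
            records.append({"name": m[2], "upstream": None, "result": None,
                            "DS": {}, "DNSKEY": {}})
        elif not records:
            continue  # lines before the first query have no owner
        elif m := FORWARD.search(line):
            records[-1]["upstream"] = m[1]
        elif m := KEY.search(line):
            records[-1][m[2]].setdefault(m[1], set()).add(int(m[3]))
        elif m := RESULT.search(line):
            records[-1]["result"] = m[1]
    return records

def unmatched_ds(rec):
    """Zones whose DS key tag matches no DNSKEY tag logged for that zone."""
    return sorted(z for z, tags in rec["DS"].items()
                  if not tags & rec["DNSKEY"].get(z, set()))

def bogus(records):
    return [r for r in records if r["result"] == "BOGUS"]

if __name__ == "__main__":
    for r in bogus(parse(SAMPLE_LOG)):
        print(r["name"], "via", r["upstream"], "DS without DNSKEY:", unmatched_ds(r))
```

An empty list from `unmatched_ds`, as for the trace above, only rules out a missing key; these log lines do not show which validation step failed.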

Replies

Subject Author
Re: [gentoo-dev] bugs.gentoo.org and dnssec James Cloos <cloos@×××××××.com>