Hi,

Not sure where the problem is... maybe others can reproduce this.

When using bugs.gentoo.org with dnsmasq and dnssec enabled, I cannot
access attachments.

The attachments are forwarded to a CNAME, for example:
---
546330.bugs.gentoo.org. 60 IN CNAME bugs-gossamer.gentoo.org.
bugs-gossamer.gentoo.org. 300 IN CNAME gannet.gentoo.org.
gannet.gentoo.org. 604800 IN A 204.187.15.4
---

When trying to access without dnssec all is ok:
---
Apr 21 20:19:04 [dnsmasq] query[A] 546330.bugs.gentoo.org from 127.0.0.1
Apr 21 20:19:04 [dnsmasq] forwarded 546330.bugs.gentoo.org to 192.168.1.1
Apr 21 20:19:04 [dnsmasq] validation result is INSECURE
Apr 21 20:19:04 [dnsmasq] reply 546330.bugs.gentoo.org is <CNAME>
Apr 21 20:19:04 [dnsmasq] reply bugs-gossamer.gentoo.org is <CNAME>
Apr 21 20:19:04 [dnsmasq] reply gannet.gentoo.org is 204.187.15.4
---

When trying to access with dnssec, notice the "validation result is
BOGUS", no result is returned:
---
Apr 21 20:09:33 [dnsmasq] query[A] 546330.bugs.gentoo.org from 127.0.0.1
Apr 21 20:09:33 [dnsmasq] forwarded 546330.bugs.gentoo.org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DNSKEY] gentoo.org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DS] gentoo.org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DNSKEY] org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DS] org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DNSKEY] . to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] reply . is DNSKEY keytag 19036
Apr 21 20:09:33 [dnsmasq] reply . is DNSKEY keytag 48613
Apr 21 20:09:33 [dnsmasq] reply org is DS keytag 21366
- Last output repeated twice -
Apr 21 20:09:33 [dnsmasq] reply org is DNSKEY keytag 3213
Apr 21 20:09:33 [dnsmasq] reply org is DNSKEY keytag 21366
Apr 21 20:09:33 [dnsmasq] reply org is DNSKEY keytag 9795
Apr 21 20:09:33 [dnsmasq] reply org is DNSKEY keytag 34023
Apr 21 20:09:33 [dnsmasq] reply gentoo.org is DS keytag 46873
- Last output repeated twice -
Apr 21 20:09:33 [dnsmasq] reply gentoo.org is DNSKEY keytag 52980
Apr 21 20:09:33 [dnsmasq] reply gentoo.org is DNSKEY keytag 46873
Apr 21 20:09:33 [dnsmasq] validation result is BOGUS
Apr 21 20:09:33 [dnsmasq] reply 546330.bugs.gentoo.org is <CNAME>
Apr 21 20:09:33 [dnsmasq] reply bugs-gossamer.gentoo.org is <CNAME>
Apr 21 20:09:33 [dnsmasq] reply gannet.gentoo.org is 204.187.15.4
---

Maybe it is a local issue of the DNS I am using (I have no access to
it), but maybe there is an issue at infra.

Regards,
Alon Bar-Lev.
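
A log-triage helper for the situation reported above, added here as an example and not part of the original message or of dnsmasq. It groups the quoted log format by client query, records the upstream server, the validation result and the DS/DNSKEY keytags seen, and lists zones whose DS tag has no DNSKEY with the same tag. The function names `triage` and `ds_without_key` are hypothetical, and it assumes the line layout quoted in the message and queries that are not interleaved.

```python
import re
from collections import defaultdict

# Constructed sample, abridged from the log format quoted in the message.
SAMPLE_LOG = """\
Apr 21 20:19:04 [dnsmasq] query[A] 546330.bugs.gentoo.org from 127.0.0.1
Apr 21 20:19:04 [dnsmasq] forwarded 546330.bugs.gentoo.org to 192.168.1.1
Apr 21 20:19:04 [dnsmasq] validation result is INSECURE
Apr 21 20:09:33 [dnsmasq] query[A] 546330.bugs.gentoo.org from 127.0.0.1
Apr 21 20:09:33 [dnsmasq] forwarded 546330.bugs.gentoo.org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] reply gentoo.org is DS keytag 46873
Apr 21 20:09:33 [dnsmasq] reply gentoo.org is DNSKEY keytag 52980
Apr 21 20:09:33 [dnsmasq] reply gentoo.org is DNSKEY keytag 46873
Apr 21 20:09:33 [dnsmasq] validation result is BOGUS
"""

# Assumption: every relevant line looks like "<date> <time> [dnsmasq] <message>".
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) \[dnsmasq\] (.*)$")
QUERY = re.compile(r"^query\[(\w+)\] (\S+) from (\S+)$")
FORWARD = re.compile(r"^forwarded (\S+) to (\S+)$")
KEY = re.compile(r"^reply (\S+) is (DS|DNSKEY) keytag (\d+)$")
RESULT = re.compile(r"^validation result is (\w+)$")

def triage(log_text):
    """Return one record per client query, in log order."""
    records, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skips e.g. "- Last output repeated twice -"
        ts, msg = m.groups()
        if q := QUERY.match(msg):
            cur = {"time": ts, "qtype": q[1], "name": q[2], "upstream": None,
                   "result": None, "keys": defaultdict(set)}
            records.append(cur)
        elif cur is None:
            continue  # log started mid-query
        elif (f := FORWARD.match(msg)) and f[1] == cur["name"]:
            cur["upstream"] = f[2]
        elif k := KEY.match(msg):
            cur["keys"][k[1]].add((k[2], int(k[3])))  # zone -> {(rrtype, keytag)}
        elif r := RESULT.match(msg):
            cur["result"] = r[1]
    return records

def ds_without_key(rec):
    """Zones whose DS keytag has no DNSKEY of that tag (tag match, not a signature check)."""
    return sorted(z for z, ks in rec["keys"].items()
                  if any(t == "DS" and ("DNSKEY", tag) not in ks for t, tag in ks))
```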