]> git.donarmstrong.com Git - dsa-puppet.git/commit
projects / dsa-puppet.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c861a97) | patch
umn forwarders break dnssec
authorPeter Palfrader <peter@palfrader.org>
Sun, 3 Apr 2011 15:32:20 +0000 (17:32 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sun, 3 Apr 2011 15:32:20 +0000 (17:32 +0200)
commit11ed077671ba1b81d39fa0906dc6fd3d6c7630be
treeb7f5b0c04be24f852bfe6d6f80e4da267477766atree | snapshot
parentc861a97f31193f01625572fdc54d13834102ea3ecommit | diff
umn forwarders break dnssec

They don't give us NSEC records for missing DS records,
e.g:

| weasel@saens:~$ dig @128.101.101.101 debian.com  -t ds +dnssec
|
| ; <<>> DiG 9.7.3 <<>> @128.101.101.101 debian.com -t ds +dnssec
| ; (1 server found)
| ;; global options: +cmd
| ;; Got answer:
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13955
| ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
|
| ;; OPT PSEUDOSECTION:
| ; EDNS: version: 0, flags: do; udp: 4096
| ;; QUESTION SECTION:
| ;debian.com.                    IN      DS
|
| ;; AUTHORITY SECTION:
| com.                    527     IN      SOA     a.gtld-servers.net. nstld.verisign-grs.com. 1301844372 1800 900 604800 86400
| com.                    527     IN      RRSIG   SOA 8 1 900 20110410152612 20110403141612 1793 com. JFEZa5Kb5xJyibTSX4YySdz8fY53Vftd1VswlmEMJSkMyUIqq2zYWJm6 zvpK1y4RjE9Abv7vo5X8GcMuOg4TO31Pf6rAdloqYvcqZyFtu7DBoxYF A1lpz0w5Ru9stynHe4sNTk2xnbODzbZlW5DmUpPV4b1MjbxLgXkCyuLs H6o=
|
| ;; Query time: 1 msec
| ;; SERVER: 128.101.101.101#53(128.101.101.101)
| ;; WHEN: Sun Apr  3 15:32:58 2011
| ;; MSG SIZE  rcvd: 275

(no NSEC3 records)
modules/debian-org/misc/hoster.yaml diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.