From: Alon Bar-Lev
To: gentoo-dev@lists.gentoo.org
Date: Tue, 21 Apr 2015 20:27:27 +0300
Subject: [gentoo-dev] bugs.gentoo.org and dnssec

Hi,

Not sure where the problem is... maybe others can reproduce this.

When using bugs.gentoo.org with dnsmasq and dnssec enabled, I cannot
access attachments.

The attachments are forwarded to a CNAME, for example:
---
546330.bugs.gentoo.org. 60 IN CNAME bugs-gossamer.gentoo.org.
bugs-gossamer.gentoo.org. 300 IN CNAME gannet.gentoo.org.
gannet.gentoo.org. 604800 IN A 204.187.15.4
---

When trying to access without dnssec all is ok:
---
Apr 21 20:19:04 [dnsmasq] query[A] 546330.bugs.gentoo.org from 127.0.0.1
Apr 21 20:19:04 [dnsmasq] forwarded 546330.bugs.gentoo.org to 192.168.1.1
Apr 21 20:19:04 [dnsmasq] validation result is INSECURE
Apr 21 20:19:04 [dnsmasq] reply 546330.bugs.gentoo.org is
Apr 21 20:19:04 [dnsmasq] reply bugs-gossamer.gentoo.org is
Apr 21 20:19:04 [dnsmasq] reply gannet.gentoo.org is 204.187.15.4
---

When trying to access with dnssec, notice the "validation result is
BOGUS", no result is returned:
---
Apr 21 20:09:33 [dnsmasq] query[A] 546330.bugs.gentoo.org from 127.0.0.1
Apr 21 20:09:33 [dnsmasq] forwarded 546330.bugs.gentoo.org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DNSKEY] gentoo.org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DS] gentoo.org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DNSKEY] org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DS] org to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] dnssec-query[DNSKEY] . to 10.38.5.26
Apr 21 20:09:33 [dnsmasq] reply . is DNSKEY keytag 19036
Apr 21 20:09:33 [dnsmasq] reply . is DNSKEY keytag 48613
Apr 21 20:09:33 [dnsmasq] reply org is DS keytag 21366
- Last output repeated twice -
Apr 21 20:09:33 [dnsmasq] reply org is DNSKEY keytag 3213
Apr 21 20:09:33 [dnsmasq] reply org is DNSKEY keytag 21366
Apr 21 20:09:33 [dnsmasq] reply org is DNSKEY keytag 9795
Apr 21 20:09:33 [dnsmasq] reply org is DNSKEY keytag 34023
Apr 21 20:09:33 [dnsmasq] reply gentoo.org is DS keytag 46873
- Last output repeated twice -
Apr 21 20:09:33 [dnsmasq] reply gentoo.org is DNSKEY keytag 52980
Apr 21 20:09:33 [dnsmasq] reply gentoo.org is DNSKEY keytag 46873
Apr 21 20:09:33 [dnsmasq] validation result is BOGUS
Apr 21 20:09:33 [dnsmasq] reply 546330.bugs.gentoo.org is
Apr 21 20:09:33 [dnsmasq] reply bugs-gossamer.gentoo.org is
Apr 21 20:09:33 [dnsmasq] reply gannet.gentoo.org is 204.187.15.4
---

Maybe it is a local issue of the dns I am using (I have no access to
it), but maybe there is an issue at infra.

Regards,
Alon Bar-Lev.