Discussion:
[Dnsmasq-discuss] dnssec queries with --bogus-priv
Kevin Darbyshire-Bryant
2018-05-15 15:35:22 UTC
Permalink
Here’s another one of those innocent questions caused by looking at a logfile :-)

I have ‘—bogus-priv’ set so in theory I’m not going to ask upstream questions about RFC1918 addresses, which I don’t, except I see these
.

dnssec-query[DS] 10.in-addr.arpa to 8.8.8.8
dnssec-query[DS] 168.192.in-addr.arpa to 8.8.8.8

You get the idea.

So, should I?


Cheers,

Kevin D-B

012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A
Simon Kelley
2018-06-02 13:52:18 UTC
Permalink
Hi Kevin,


Can you include the context of these lines?


When I query x.y.168.192.in-addr-arpa without --bogus-priv I get
SERVFAIL, because Google public DNS returns an unsigned reply to

dnssec-query[DS] 168.192.in-addr.arpa

but with --bogus-priv I get a local answer which never gets validated,
as I'd expect.


Cheers,

Simon.
Post by Kevin Darbyshire-Bryant
Here’s another one of those innocent questions caused by looking at a logfile :-)
I have ‘—bogus-priv’ set so in theory I’m not going to ask upstream questions about RFC1918 addresses, which I don’t, except I see these
.
dnssec-query[DS] 10.in-addr.arpa to 8.8.8.8
dnssec-query[DS] 168.192.in-addr.arpa to 8.8.8.8
You get the idea.
So, should I?
Cheers,
Kevin D-B
012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Loading...