Changes between Initial Version and Version 5 of Ticket #768


Ignore:
Timestamp:
21 Jul 2014, 22:25:11 (7 years ago)
Author:
Bill Fenner
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #768

    • Property Owner changed from llynch@… to Bill Fenner
    • Property Status changed from new to assigned
    • Property Component changed from incoming to network
    • Property Type changed from request to defect

  • Ticket #768 – Description

    initial v5  
    1 {{{
    21The dns64 resolver that is set up for ietf-nat64 appears to be doing synthesis even if the DO and CD flags are set in the query:
    32
     3{{{
    44 saucy% dig +sigchase +edns=0 +dnssec +cdflag aaaa home.fugue.com.
    55 ./trusted-key.key:2: TTL set to prior TTL (5)
     
    1010
    1111 ;; RRSIG is missing for continue validation: FAILED
     12}}}
    1213
    1314This breaks any host that does NAT64 Prefix Discovery so as to do DNS64 synthesis with secure local DNSSEC validation.   Is there some reason why this is enabled, or am I misunderstanding something?   This would be enabled using the break-dnssec flag in the named.conf file, so if it is deliberately enabled, it should be visible; otherwise it could just be a bug.
    14 
    15 }}}