privacyguides
/
privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

LibreDNS doesn't support DNSSEC #2216

Merged
pilou- merged 1 commits from LibreDNS_doesnt_support_DNSSEC into master 2021-05-04 03:48:04 +00:00
Conversation 0 Commits 1 Files Changed 1 +1 -1

1 Commits

Author SHA1 Message Date
Pierre-Louis Bonicoli 1e690821d2
LibreDNS doesn't support DNSSEC 
Tested with the following commands:

    $ kdig @116.202.176.26 +tls-host=dot.libredns.gr +dnssec sigfail.verteiltesysteme.net
    ;; TLS session (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
    ;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 8416
    ;; Flags: qr rd ra; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 1

    ;; EDNS PSEUDOSECTION:
    ;; Version: 0; flags: do; UDP size: 512 B; ext-rcode: NOERROR

    ;; QUESTION SECTION:
    ;; sigfail.verteiltesysteme.net.		IN	A

    ;; ANSWER SECTION:
    sigfail.verteiltesysteme.net.	42	IN	A	134.91.78.139
    sigfail.verteiltesysteme.net.	42	IN	RRSIG	A 5 3 60 20210502030010 20210131030010 30665 verteiltesysteme.net. //This+RRSIG+is+deliberately+broken///For+more+information+please+go+to/http+//www+verteiltesysteme+net///////////////////////////////////////////////////////////////////8=

The status is NOERROR and the AD flags is missing but the expected
status is SERVAIL.
 2021-02-25 16:55:15 +01:00