[Bug 288011] Re: dns resolver does not support dnssec
Neal McBurnett
neal at bcn.boulder.co.us
Mon May 25 02:56:37 UTC 2015
What is the status of this for currently supported Ubuntu distributions?
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/288011
Title:
dns resolver does not support dnssec
Status in glibc package in Ubuntu:
Confirmed
Bug description:
RES_USE_DNSSEC is not defined in /usr/include/resolv.h. Even if I do
set bit 0x02000000 (the usual definition of this) in the options for
res_query, and I have "options edns0" in my resolv.conf, I don't get
an authenticated response from the server.
I've attached a pcap file with three queries. The first is generated
by DIG, and shows that the server is authenticating data when
requested. The second and third were generated by OpenSSH. I note that
the first and third queries appear to be identical except for the port
number and request ID; from the trace I cannot see why the server
authenticated the first response, but not the second.
Anyway, this is a security issue for those of us who rely on DNSSEC.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/288011/+subscriptions
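An added example, not part of the bug report or of glibc: RES_USE_DNSSEC asks the resolver to set the DO bit in the EDNS0 OPT record of the query, and an authenticated answer is marked by the AD bit in the response header, so these are the two bits to compare between the dig and OpenSSH packets in a trace. The function name `dnssec_flags` and the sample messages are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

enum { F_AD = 1, F_OPT = 2, F_DO = 4 };   /* result bits */

/* Constructed sample messages (not taken from the attached pcap). */
#define Q_EXAMPLE_COM 7,'e','x','a','m','p','l','e',3,'c','o','m',0, 0,1, 0,1
#define OPT_RR(ttl_hi) 0, 0,41, 0x10,0x00, 0,0,(ttl_hi),0, 0,0
static const unsigned char QUERY_DO[]    = { 0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,1,
    Q_EXAMPLE_COM, OPT_RR(0x80) };
static const unsigned char QUERY_PLAIN[] = { 0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,1,
    Q_EXAMPLE_COM, OPT_RR(0x00) };
static const unsigned char REPLY_AD[]    = { 0x12,0x34, 0x81,0xa0, 0,1, 0,1, 0,0, 0,1,
    Q_EXAMPLE_COM, 0xc0,0x0c, 0,1, 0,1, 0,0,0x0e,0x10, 0,4, 192,0,2,1, OPT_RR(0x80) };

/* Advance *off past one (possibly compressed) domain name; -1 if truncated. */
static int skip_name(const unsigned char *m, size_t len, size_t *off)
{
    while (*off < len) {
        unsigned char c = m[(*off)++];
        if (c == 0) return 0;                       /* root label ends the name */
        if ((c & 0xC0) == 0xC0) {                   /* 2-byte compression pointer */
            if (*off >= len) return -1;
            (*off)++;
            return 0;
        }
        if (c & 0xC0) return -1;                    /* reserved label type */
        *off += c;
    }
    return -1;
}

/* Returns -1 on a malformed message, else a mask of F_AD / F_OPT / F_DO. */
int dnssec_flags(const unsigned char *m, size_t len)
{
    if (len < 12) return -1;
    int flags = (m[3] & 0x20) ? F_AD : 0;           /* AD bit in the header flags */
    unsigned qd = m[4] << 8 | m[5];
    unsigned rr = (m[6] << 8 | m[7]) + (m[8] << 8 | m[9]) + (m[10] << 8 | m[11]);
    size_t off = 12;
    for (unsigned i = 0; i < qd + rr; i++) {
        size_t fixed = i < qd ? 4 : 10;  /* question: type+class; RR adds ttl+rdlen */
        if (skip_name(m, len, &off) || len - off < fixed) return -1;
        if (i >= qd) {
            unsigned rdlen = m[off + 8] << 8 | m[off + 9];
            if ((m[off] << 8 | m[off + 1]) == 41)   /* OPT pseudo-RR (EDNS0) */
                flags |= F_OPT | ((m[off + 6] & 0x80) ? F_DO : 0); /* DO: top bit of TTL flags */
            if (len - off - fixed < rdlen) return -1;
            off += rdlen;
        }
        off += fixed;
    }
    return flags;
}

int main(void) { printf("%d %d %d\n", dnssec_flags(QUERY_DO, sizeof QUERY_DO),
    dnssec_flags(QUERY_PLAIN, sizeof QUERY_PLAIN), dnssec_flags(REPLY_AD, sizeof REPLY_AD)); return 0; }
```

A query that carries an OPT record but no DO bit (the "options edns0" case without RES_USE_DNSSEC) returns only `F_OPT`.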