NetBSD-Users archive
Re: trouble resolving protonmail.ch, dnssec, seems netbsd-specific maybe
On Fri, 20 Mar 2020, Jarle Greipsland wrote:
> reed%reedmedia.net@localhost writes:
> > I was able to reproduce maybe the problem. I think the version of named
> > is bad (it is unsupported).
> Might it have to do with the fact that the (only) DS RR for
> protonmail.ch uses digest type 4 (i.e. SHA-384), which is an
> optional algorithm? What is the support of our BIND version for
> the SHA-384 algorithm?
I was wondering about that but the BIND code then (9.10.5-P1) has the
SHA-384 algorithm support

    src/external/bsd/bind/dist/lib/isc/sha2.c

and the DS code has the digest_type support for DNS_DSDIGEST_SHA384

    src/external/bsd/bind/dist/lib/dns/rdata/generic/ds_43.c

Also I was able to find some current domains that only have type "4"
that work (mxz.ch, v4bl.org, agimm.org, ampau.org).
I do think it has something to do with the netbsd build separate from
netbsd build, it works fine. I didn't track this down yet.
You can also use delv to see named-like behaviour:

    delv protonmail.ch
    delv -d 99 protonmail.ch
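
As background to the digest type 4 question in this message, the following is an added example (not part of the original post and not BIND code) of how a DS digest is computed from a DNSKEY per RFC 4034, with SHA-384 as the hash. The owner name and key bytes are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import struct

# DS digest type numbers: 1 = SHA-1, 2 = SHA-256, 4 = SHA-384 (RFC 6605).
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

def wire_name(name):
    """Canonical lower-case wire form of an owner name (RFC 4034, 6.2)."""
    labels = [l.encode("ascii") for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: flags | protocol | algorithm | public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_digest(owner, rdata, digest_type):
    """digest = hash(owner name | DNSKEY RDATA), as upper-case hex."""
    if digest_type not in DIGESTS:
        raise ValueError("unsupported DS digest type %d" % digest_type)
    return DIGESTS[digest_type](wire_name(owner) + rdata).hexdigest().upper()

def ds_matches(owner, rdata, ds):
    """Check a DS tuple (key_tag, algorithm, digest_type, digest_hex)."""
    tag, algorithm, digest_type, digest_hex = ds
    if tag != key_tag(rdata) or algorithm != rdata[3]:
        return False
    expected = ds_digest(owner, rdata, digest_type)
    return expected == digest_hex.replace(" ", "").upper()

# Constructed sample data: not a real key and not protonmail.ch's records.
SAMPLE_OWNER = "example.ch."
SAMPLE_KEY = dnskey_rdata(257, 3, 13, bytes(range(64)))
SAMPLE_DS = (key_tag(SAMPLE_KEY), 13, 4, ds_digest(SAMPLE_OWNER, SAMPLE_KEY, 4))

if __name__ == "__main__":
    print("key tag:", SAMPLE_DS[0])
    print("DS digest type 4:", SAMPLE_DS[3])
    print("matches:", ds_matches(SAMPLE_OWNER, SAMPLE_KEY, SAMPLE_DS))
```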