NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: trouble resolving protonmail.ch, dnssec, seems netbsd-specific maybe



I added a large amount of debugging.
Too bad the many checks didbn't have debug logging.

I don't know why but the created new digest hash didn't match.
The technique is to use same digest algorithm type and create a digest 
of the matching DNSKEY.  In this case the resulting digest didn't match. 
(New one was six bytes shorter.)
I will stop here. I just assume something is wrong with the crypto (in 
bind9 or its dependencies).

;; validating protonmail.ch/DNSKEY: JCR23: old digest 
"#})^Y^OESCF<96>yA^_2<9A>*{CW\^\ok<9F>R^Y<96>&^Sy<8D><9E>p1^?!|
;; validating protonmail.ch/DNSKEY: JCR24: old digest length 56
;; validating protonmail.ch/DNSKEY: JCR7: dns_rdata_tostruct result 0
;; validating protonmail.ch/DNSKEY: JCR9: algorithm 8 8
;; validating protonmail.ch/DNSKEY: JCR8: keytag 27196 6753
;; validating protonmail.ch/DNSKEY: JCR7: dns_rdata_tostruct result 0
;; validating protonmail.ch/DNSKEY: JCR9: algorithm 8 8
;; validating protonmail.ch/DNSKEY: JCR8: keytag 27196 27196
;; validating protonmail.ch/DNSKEY: JCR10: dns_ds_buildrdata result 0
;; validating protonmail.ch/DNSKEY: JCR14: new type 43
;; validating protonmail.ch/DNSKEY: JCR15: old length 52
;; validating protonmail.ch/DNSKEY: JCR16: new length 52
;; validating protonmail.ch/DNSKEY: JCR17: new digest type 4
;; validating protonmail.ch/DNSKEY: JCR18: new key tag 27196
;; validating protonmail.ch/DNSKEY: JCR19: new algorithm 8
;; validating protonmail.ch/DNSKEY: JCR20: new length 48
;; validating protonmail.ch/DNSKEY: JCR21: new digest s<96> <80>e
;; validating protonmail.ch/DNSKEY: JCR25: new digest length 50



Home | Main Index | Thread Index | Old Index