Comments (1)
The issue was that the DS record for the site had a number of nonmatching DS entries, for like a key rollover, for keys that are not in the key set. Because of these entries, the result was bogus, because they did not match anything. The fix checks that when no entry has matched apart from cryptolib refusals, and there are cryptolib algorithm refusal entries, it becomes insecure for the delegation point DS record check.
That fixes the lookup that is cited in the issue, it was not really about the specific DNSKEY algorithm, but about the DS RRset entries, and the lookup cited in the issue then becomes insecure and resolves. Thanks for the report!
from unbound.
Related Issues (20)
- fatal error: Could not initialize thread / error: reading root hints HOT 8
- a heap-buffer-overflow issue in function cfg_mark_ports of file util/config_file.c
- Unable to resolve .eu TLD HOT 5
- Low Throughput Issue with unbound DNS over TLS on Ubuntu 22.04 HOT 14
- unbound compiling question HOT 5
- Option for unbound-control list_forwards to list IPv6 only or IPv4 only upsreams
- 在配置EDNS Client Subnet 后部分域名无法获取DNS解析 HOT 9
- There are memory leaks with SIGHUP HOT 6
- [FR] Introduce libunbound-control library for external consumers HOT 2
- [FR] Does latest unbound to supports on Ubuntu 24.04 HOT 1
- Intermittent DNS blocking failure with local-zone and always_nxdomain HOT 23
- [SERVFAIL] Unbound with DoT enabled fails to resolve certain websites HOT 4
- [FR] Managing Cache Deletion and Fallback to Forwarding During Unbound Recursive DNS Failures
- [BUG] Problems to build unbound with nghttp2 and OpenSSL 3.3.0 / 3.2.1 HOT 3
- Unbound 1.20 Cachedb broken? HOT 34
- SHOULD in section 4.2 of RFC 9460 not implemented
- Unbound cache question because I'm confused HOT 2
- Chroot location question HOT 1
- Unbound 1.20 crashes in less than one hour, in libevent HOT 4
- [FR] Clear both in-memory and `cachedb` module cache with `unbound-control flush*` commands HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from unbound.