dig tool not compiled with -DDIG_SIGCHASE, so no DNSSEC validation #10728
Comments
Is it as simple as adding the flag? Or are there other gotchas that explain why it's not on by default?
I have no idea. But from the BIND README and the dig --help it seems it is as easy as adding that flag. I am new to NixOS so I don't yet know how to write packages, etc. So I can test on my machine.
(triage) status?
FlorentBecker added a commit to FlorentBecker/nixpkgs that referenced this issue on Feb 19, 2017
@hugdru, can you test the above pull request?
Because https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/dns/bind/default.nix is not compiled with `STD_CDEFINES="-DDIG_SIGCHASE=1"; export STD_CDEFINES`, I cannot chase DNSSEC signature chains.
README - https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/vivid/bind9/vivid/view/head:/README#L184
Same bug - https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/257682
Other Info - http://www.crypt.gen.nz/papers/dns_security_2.html