DelphinusDNS Blog

(the latest about delphinusdnsd)
  


Tomorrows snapshot should fix TSIG with dddctl

October 10th, 2019

Before tonights snapshot, a 'dddctl query' AXFR was able to authenticate with TSIG. But it wasn't able to verify what came back with TSIG. Now it can. and I can only test it so much because I don't know how to MITM in a quick enough time. TSIG is explained in RFC 2845. It stands for "This #### Is Good!". I'm very happy, as the routines I changed pave the way for slave server mode.


comment from Peter J. Philipp at Fri, 11 Oct 2019 06:51:06 +0000(1570776666)

I loaded a new binary from last nights snapshot on kite.centroid.eu and tested this on the centroid.eu zone and it worked perfectly. I'm very happy.

comment from Peter J. Philipp at Sun, 13 Oct 2019 16:44:51 +0000(1570985091)

I found a bug with this when it tries to AXFR from an nsd master. I have a patch ready and will likely commit it tomorrow.

comment from Peter J. Philipp at Mon, 14 Oct 2019 18:15:46 +0000(1571076946)

I have created a MITM which was very simple with the divert(4) manpage which has sample code. I was able to modify the packet in-flight with a stray 'A' character. The TSIG algorithm warned that there was an error. This is what I wanted.

Search

RSS Feed

Click here for RSS

On this day in

Other links

Have feedback?

By clicking on the header of an article you will be served a cookie. If you do not agree to this do not click on the header. Thanks!

Using a text-based webbrowser?

... such as lynx? Welcome back it's working again for the time being.

Older Blog Entries


Powered by BCHS