[Bug 1825712] Re: bind9 is compiled without support for EdDSA DNSSEC keys

Thu, 09 May 2019 06:41:27 -0700 

Disco verification:

First, reproducing the bug:
ubuntu@disco-bind-1825712:~$ apt-cache policy bind9
bind9:
  Installed: 1:9.11.5.P1+dfsg-1ubuntu2.3
  Candidate: 1:9.11.5.P1+dfsg-1ubuntu2.3
  Version table:
 *** 1:9.11.5.P1+dfsg-1ubuntu2.3 500
        500 http://br.archive.ubuntu.com/ubuntu disco-updates/main amd64 
Packages

Offline test:
ubuntu@disco-bind-1825712:~$ dnssec-keygen -a ED25519 example.com
dnssec-keygen: fatal: unsupported algorithm: 15

Online test returns "unsigned answer", as expected:
ubuntu@disco-bind-1825712:~$ delv +dnssec +multiline @127.0.0.1 ed25519.nl
;; validating ed25519.nl/A: no valid signature found
; unsigned answer
ed25519.nl.             3600 IN A 77.72.150.82
ed25519.nl.             3200171710 IN RRSIG A 15 2 3600 (
                                20190523000000 20190502000000 27662 ed25519.nl.
                                3y59a9G5rk/CMh36BPqonn2NjILp12SDmeQGloaUD5go
                                e5A+Q6TsD7fDU9Bj3DtP6SqBturCFCxcUDzLeCp4AQ== )

Now with the updated packages:
ubuntu@disco-bind-1825712:~$ apt-cache policy bind9
bind9:
  Installed: 1:9.11.5.P1+dfsg-1ubuntu2.4
  Candidate: 1:9.11.5.P1+dfsg-1ubuntu2.4
  Version table:
 *** 1:9.11.5.P1+dfsg-1ubuntu2.4 500
        500 http://br.archive.ubuntu.com/ubuntu disco-proposed/main amd64 
Packages

Offline test succeeds:
ubuntu@disco-bind-1825712:~$ dnssec-keygen -a ED25519 example.com
Generating key pair.
Kexample.com.+015+18445

Online test returns "fully validated":
ubuntu@disco-bind-1825712:~$ delv +dnssec +multiline @127.0.0.1 ed25519.nl
; fully validated
ed25519.nl.             3600 IN A 77.72.150.82
ed25519.nl.             3600 IN RRSIG A 15 2 3600 (
                                20190523000000 20190502000000 27662 ed25519.nl.
                                3y59a9G5rk/CMh36BPqonn2NjILp12SDmeQGloaUD5go
                                e5A+Q6TsD7fDU9Bj3DtP6SqBturCFCxcUDzLeCp4AQ== )

Disco verification succeeded.

-- 
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1825712

Title:
  bind9 is compiled without support for EdDSA DNSSEC keys

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1825712/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

Reply via email to