serv/mox
1
0
Fork 0
mirror of https://github.com/mjl-/mox.git synced 2024-12-26 00:13:47 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

better check for dnssec-verifying resolver

Browse source 
check the authentic data bit for the NS records of "com.", not for ".": some
dnssec-verifying resolvers return unauthentic data for ".".

for issue #139 by triatic, thanks!
This commit is contained in:
Mechiel Lukkien 2024-03-07 10:34:13 +01:00
parent 9e7d6b85b7
commit 4db1f5593c
No known key found for this signature in database
2 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
quickstart.go
View file

@ -162,8 +162,9 @@ logging in with IMAP.
resolveCtx, resolveCancel := context.WithTimeout(context.Background(), 10*time.Second)
defer resolveCancel()
// Some DNSSEC-verifying resolvers return unauthentic data for ".", so we check "com".
fmt.Printf("Checking if DNS resolvers are DNSSEC-verifying...")
_, resolverDNSSECResult, err := resolver.LookupNS(resolveCtx, ".")
_, resolverDNSSECResult, err := resolver.LookupNS(resolveCtx, "com.")
if err != nil {
fmt.Println("")
fatalf("checking dnssec support in resolver: %v", err)

3
webadmin/admin.go
View file

@ -529,7 +529,8 @@ func checkDomain(ctx context.Context, resolver dns.Resolver, dialer *net.Dialer,
defer logPanic(ctx)
defer wg.Done()
_, result, err := resolver.LookupNS(ctx, ".")
// Some DNSSEC-verifying resolvers return unauthentic data for ".", so we check "com".
_, result, err := resolver.LookupNS(ctx, "com.")
if err != nil {
addf(&r.DNSSEC.Errors, "Looking up NS for DNS root (.) to check support in resolver for DNSSEC-verification: %s", err)
} else if !result.Authentic {