Displaying 20 results from an estimated 800 matches similar to: "feature request: modify getrrsetbyname() to use libunbound"
2007 Mar 12
1
Redefinition of _res in getrrsetbyname.c
I've been trying to figure out why I can't seem to use SSHFP
fingerprints delivered via DNSSEC, which led me to try to figure out why
OpenSSH won't use DNSSEC on my NetBSD-4-branch platform.
It turns out that around line 70 in openbsd-compat/getrrsetbyname.c, we
have the following:
/* to avoid conflicts where a platform already has _res */
#ifdef _res
# undef _res
2007 Jun 11
20
[Bug 1320] New: Add support for ldns
http://bugzilla.mindrot.org/show_bug.cgi?id=1320
Summary: Add support for ldns
Product: Portable OpenSSH
Version: -current
Platform: Other
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy: svallet at
2013 Jun 09
7
[Bug 2119] New: SSHFP with DNSSEC – no trust anchors given, validation always fails
https://bugzilla.mindrot.org/show_bug.cgi?id=2119
Bug ID: 2119
Summary: SSHFP with DNSSEC ? no trust anchors given, validation
always fails
Product: Portable OpenSSH
Version: 6.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2007 May 21
1
[PATCH] Add support for ldns
Hi,
as discussed before, we're trying to make use of SSHFP records (RFC
4255) to publish host key fingerprints in the DNS.
However, some non-OpenBSD platforms don't support DNSSEC in the native
resolver (e.g. glibc), which renders the whole thing quite useless,
since openssh correctly requires the RRs to be signed and validated.
The following patch adds support for ldns, an external
2009 Jun 29
2
openbsd-compat/getrrsetbyname.c: answer buffer size too large for EDNS0 and glibc
Hello.
I have an issue with SSHFP lookups using "VerifyHostKeyDNS=yes" and
"options edns0" in /etc/resolv.conf (glib >= 2.6).
getrrsetbyname() calls res_query() with a maximum buffer size of 65536.
The glibc resolver truncates this value to 16 bits, reducing the query's
advertised buffer size to 0.
BIND appears to ignore it while Unbound returns a server failure.
2018 Jan 10
4
sshfp/ldns still having issues in 7.6
I have been running openSSH 7.4p1 for a while now. When I upgraded to 7.5 a
year or so ago I ran into the problem listed in this bug report:
Bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218472
The release notes for 7.6 release notes indicate that the fix patch was
included: https://www.openssh.com/txt/release-7.6
I tried 7.6 and I still cannot connect without a prompt wondering
2005 Nov 04
1
[Bug 1111] memory leak in openbsd-compat/getrrsetbyname.c, function: getrrsetbyname
http://bugzilla.mindrot.org/show_bug.cgi?id=1111
Summary: memory leak in openbsd-compat/getrrsetbyname.c,
function: getrrsetbyname
Product: Portable OpenSSH
Version: 4.2p1
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo:
2016 Aug 03
5
[Bug 2603] New: Build with ldns and without kerberos support fails if ldns compiled with kerberos support
https://bugzilla.mindrot.org/show_bug.cgi?id=2603
Bug ID: 2603
Summary: Build with ldns and without kerberos support fails if
ldns compiled with kerberos support
Product: Portable OpenSSH
Version: 7.3p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
2018 Jan 11
3
sshfp/ldns still having issues in 7.6
> I replaced the ldns code with getdns. Works fine for more than a year now.
>
I am interested in how you did that. Would you mind sharing your procedure?
> I don't think anybody cares. I tried to tell people. But that had no
> effect.
>
There certainly is not as much talk about it as I would expect there to be.
2012 Jun 29
2
[Bug 2022] ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
https://bugzilla.mindrot.org/show_bug.cgi?id=2022
--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
Patch applied, thanks.
I still don't understand how it gets into this state since the space
should be allocated immediately beforehand:
if (rrset->rri_nsigs > 0) {
rrset->rri_sigs = calloc(rrset->rri_nsigs,
2007 Mar 16
2
[Bug 1299] Remove redefinition of _res in getrrsetbyname.c
http://bugzilla.mindrot.org/show_bug.cgi?id=1299
Summary: Remove redefinition of _res in getrrsetbyname.c
Product: Portable OpenSSH
Version: 4.5p1
Platform: All
OS/Version: NetBSD
Status: NEW
Keywords: patch
Severity: major
Priority: P2
Component: ssh
AssignedTo: bitbucket at mindrot.org
2012 Jun 26
2
[Bug 2022] New: ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
https://bugzilla.mindrot.org/show_bug.cgi?id=2022
Bug #: 2022
Summary: ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled
resolver and a CNAME
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
2015 Dec 24
2
Centos7 poblems with dnssec-keygen
I am reading:
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html
I have bind installed and default config running. I have not applied my
customizations yet. The first step I am taking is getting rndc.key
created. So reading the guide I am trying to run (while logged in as
root, and in /etc):
dnssec-keygen -a hmac-md5 -b 256 -n HOST rndc.key
The system is just
2014 Aug 18
15
Call for testing: OpenSSH 6.7
Hi,
OpenSSH 6.7 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a big release
containing a number of features, a lot of internal refactoring and some
potentially-incompatible changes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
2010 Nov 28
2
[PATCH] Use canonical hostname for DNS SSHFP lookup
In the current implementation, ssh always uses the hostname supplied by
the user directly for the SSHFP DNS record lookup. This causes problems
when using the domain search path, e.g. I have "search example.com" in my
resolv.conf and then do a "ssh host", I will connect to host.example.com,
but ssh will query the DNS for an SSHFP record of "host.", not
2023 Mar 15
0
Announce: OpenSSH 9.3 released
OpenSSH 9.3 has just been released. It will be available from the
mirrors listed at https://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested
2019 Feb 13
2
DNSSEC Questions
Last weekend I had my DNSSEC keys expire. I discovered that they had
expired the hard way... namely randomly websites could not be found and
email did not get delivered. It seems that the keys were only valid for
what I estimate was about 30 days. It is a real PITA to have update the
keys, restart named and then update Godaddy with new digests.
The first part of the problem is fairly
2007 Feb 08
1
"Out of memory" error looking up SSHFP records
Hi,
we're currently considering making use of RFC4255 SSHFP records,
but are hitting a problem with a 4.4p1 client running on Tru64 5.1A:
[...]
debug3: verify_host_key_dns
DNS lookup error: out of memory
[...]
No matching host key fingerprint found in DNS.
A 4.3p2 linux client gives the following :
[...]
debug3: verify_host_key_dns
debug1: found 1 insecure fingerprints in DNS
debug1:
2019 Feb 13
3
DNSSEC Questions
On 2/12/19 10:55 PM, Alice Wonder wrote:
> DNSSEC keys do not expire. Signatures do expire. How long a signature
> is good for depends upon the software generating the signature, some
> lets you specify. ldns I believe defaults to 60 days but I am not sure.
>
> The keys are in DNSSKEY records that are signed by your Key Signing
> Key and must be resigning before the signature
2015 Dec 11
4
[Bug 2516] New: ssh client shouldn't trust the DNS AD bit blindly
https://bugzilla.mindrot.org/show_bug.cgi?id=2516
Bug ID: 2516
Summary: ssh client shouldn't trust the DNS AD bit blindly
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: ssh
Assignee: unassigned-bugs at