dig compiled without -DDIG_SIGCHASE!
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
bind9 (Ubuntu) | Fix Released | Undecided | LaMont Jones | |
Hardy | Fix Released | Undecided | Unassigned | |
Intrepid | Won't Fix | Undecided | Unassigned | |
Bug Description
Binary package hint: dnsutils
I'm trying to validate my DNSSEC zone signatures using dig. To do this I need to use the +sigchase flag to dig. When I do so, this is what I see:
toccata% dig +sigchase +dnssec DS fugue.se.
Invalid option: +sigchase
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
[ host [@local-server] {local-d-opt} [...]]
Use "dig -h" (or "dig -h | more") for complete list of options
toccata%
I think what's going on here is that dig has not been compiled with the -DDIG_SIGCHASE option.
Given all the excitement recently with Dan Kaminsky's DNS bug, I think the ability to check DNSSEC signatures is now a requirement, not something that should be optional. Dig is a debugging tool for DNS administrators, and in order for us to debug our DNSSEC installations, we need dig to be able to verify signatures.
toccata% lsb_release -rd
Description: Ubuntu 8.04.1
Release: 8.04
toccata% apt-cache policy dnsutils
dnsutils:
Installed: 1:9.4.2-10ubuntu0.1
Candidate: 1:9.4.2-10ubuntu0.1
Version table:
*** 1:9.4.2-10ubuntu0.1 0
500 http://
500 http://
100 /var/lib/
1:9.4.2-10 0
500 http://
toccata%
Changed in bind9:
assignee: nobody → lamont
status: New → Fix Committed
I assume this is fixed in Intrepid's 1:9.5.0.dfsg.P2-1ubuntu2, since it was fixed upstream in 1:9.4.2.dfsg.P2.