labs issues
https://gitlab.nic.cz/groups/labs/-/issues
2017-09-30T09:07:15+02:00

https://gitlab.nic.cz/labs/jetconf/-/issues/21
Tests
2017-09-30T09:07:15+02:00
Ladislav Lhotka
- [x] agree on rules and tools for testing
- [ ] set up the testing infrastructure
Project organization
Ladislav Lhotka

https://gitlab.nic.cz/labs/jetconf/-/issues/20
Continuous integration
2017-09-30T09:07:15+02:00
Ladislav Lhotka
Tasks:
- [ ] agree on rules and tools
- [ ] set up CI hooks
Project organization
Ladislav Lhotka

https://gitlab.nic.cz/labs/dnssec-validator/-/issues/60
DNSSEC validation based on Knot resolver core
2017-08-23T10:32:07+02:00
Martin Straka
It seems that DNSSEC Validator can use dnssec validation core from Knot resolver project.
on the back burner

https://gitlab.nic.cz/labs/dnssec-validator/-/issues/57
Displays internal firefox resources as DNSSEC secured (not-existent)
2017-08-23T10:32:07+02:00
rugk
What I did:
1. I have [Privacy Badger](https://www.eff.org/privacybadger) installed.
2. I clicked on the icon.
3. Sometimes (and very likely at the first start) it shows you an orange message to 'learn more' about how the add-on works.
4. I clicked on it and it showed me this site, which is clearly an internal site, as it starts with `resource://`:
`resource://jid1-mnnxcxisbpnsxq-at-jetpack/privacybadger/data/firstRun.html#slideshow`
What happened: It checked the 'domain' and said it's not existent and displayed a green icon:
![DNSSEC_Resource](https://gitlab.labs.nic.cz/labs/dnssec-validator/uploads/92a371fbaacc7b413bb451b9e52a5ce7/DNSSEC_Resource.png)
What should happen: Do not check resource:// addresses and maybe hide the icons at all.
2.3.0
Martin Straka

https://gitlab.nic.cz/labs/dnssec-validator/-/issues/56
Firefox will not install DNSSEC validator on the 64-bit edition
2017-08-23T10:32:07+02:00
Martin Straka
Firefox will not install your DNSSEC validator on the 64-bit edition. Hope you can fix this soon. Thanks for a great product.
2.3.0
Martin Straka

https://gitlab.nic.cz/labs/tablexia-old/-/issues/342
Crashing Hlídka and a stamp getting stuck under the pen
2017-10-29T00:26:47+02:00
Andrea Šíchová
Hlídka crashed for me too; I sent a bug report.
2.1.1

https://gitlab.nic.cz/labs/dnssec-validator/-/issues/54
Provide better information for building
2017-08-23T10:32:07+02:00
kolAflash
Couldn't compile, either on openSUSE 13.2 or Ubuntu 14.10. (both x86_64)
Tested with git tag v2.2.0.1.
Could you please provide more information how to compile?
E.g. a list of Linux distributions known to work well?
openSUSE 13.2 (x86_64)
---
```
make[7]: *** No rule to make target `../projects/DNSSECValidatorPlugin/../../../libs-built/unbound/lib/libunbound.a', needed by `bin/DNSSECValidatorPlugin/npDNSSECValidatorPlugin.so'. Stop.
```
Ubuntu 14.10 (x86_64)
---
```
[ 49%] Building C object projects/DNSSECValidatorPlugin/CMakeFiles/DNSSECValidatorPlugin.dir/__/common/common.c.o [4/1874]
[ 50%] Building C object projects/DNSSECValidatorPlugin/CMakeFiles/DNSSECValidatorPlugin.dir/dnssec-plug.c.o
[ 51%] Building C object projects/DNSSECValidatorPlugin/CMakeFiles/DNSSECValidatorPlugin.dir/__/common/log_dflt.c.o
Linking CXX shared library ../../bin/DNSSECValidatorPlugin/npDNSSECValidatorPlugin.so
/usr/bin/c++ -fPIC -m64 -DFB_X11=1 -DXP_UNIX -fPIC -DBOOST_ALL_NO_LIB=1 -DUNICODE -D_UNICODE -Os -DNDEBUG -Wl,--discard-all -Wl,-Bsymbolic -Wl,-z,defs -Wl,--version-script=/home/someuser/eigene
_dateien/dnssec-validator/FireBreath/gen_templates/version_script.txt -shared -Wl,-soname,npDNSSECValidatorPlugin.so -o ../../bin/DNSSECValidatorPlugin/npDNSSECValidatorPlugin.so CMakeFiles/
DNSSECValidatorPlugin.dir/DNSSECValidatorPlugin.cpp.o CMakeFiles/DNSSECValidatorPlugin.dir/DNSSECValidatorPluginAPI.cpp.o CMakeFiles/DNSSECValidatorPlugin.dir/Factory.cpp.o CMakeFiles/DNSSECVa
lidatorPlugin.dir/__/common/common.c.o CMakeFiles/DNSSECValidatorPlugin.dir/dnssec-plug.c.o CMakeFiles/DNSSECValidatorPlugin.dir/__/common/log_dflt.c.o ../../PluginCore/libPluginCore.a PluginA
uto/libDVP_PluginAuto.a ../../NpapiCore/libNpapiCore.a ../../ScriptingCore/libScriptingCore.a ../../PluginCore/libPluginCore.a ../../boost/libs/thread/libboost_thread.a ../../boost/libs/system
/libboost_system.a ../../../projects/DNSSECValidatorPlugin/../../../libs-built/unbound/lib/libunbound.a ../../../projects/DNSSECValidatorPlugin/../../../libs-built/ldns/lib/libldns.a ../../../
projects/DNSSECValidatorPlugin/../../../libs-built/openssl/lib/libssl.a ../../../projects/DNSSECValidatorPlugin/../../../libs-built/openssl/lib/libcrypto.a -ldl -lpthread
CMakeFiles/DNSSECValidatorPlugin.dir/__/common/common.c.o: In function `unbound_resolver_init':
common.c:(.text+0x1e): undefined reference to `ub_ctx_create'
common.c:(.text+0xe6): undefined reference to `ub_ctx_set_fwd'
common.c:(.text+0xfd): undefined reference to `ub_strerror'
common.c:(.text+0x166): undefined reference to `ub_ctx_resolvconf'
common.c:(.text+0x18b): undefined reference to `ub_strerror'
common.c:(.text+0x1c0): undefined reference to `ub_ctx_add_ta_file'
common.c:(.text+0x1d1): undefined reference to `ub_ctx_add_ta'
common.c:(.text+0x1e8): undefined reference to `ub_strerror'
common.c:(.text+0x20a): undefined reference to `ub_ctx_set_option'
common.c:(.text+0x224): undefined reference to `ub_strerror'
common.c:(.text+0x252): undefined reference to `ub_ctx_delete'
CMakeFiles/DNSSECValidatorPlugin.dir/dnssec-plug.c.o: In function `dnssec_validation_deinit':
dnssec-plug.c:(.text+0x727): undefined reference to `ub_ctx_delete'
CMakeFiles/DNSSECValidatorPlugin.dir/dnssec-plug.c.o: In function `dnssec_validate':
dnssec-plug.c:(.text+0x8d7): undefined reference to `ub_resolve'
dnssec-plug.c:(.text+0x900): undefined reference to `ub_resolve_free'
dnssec-plug.c:(.text+0x926): undefined reference to `ub_resolve'
dnssec-plug.c:(.text+0x94f): undefined reference to `ub_resolve_free'
dnssec-plug.c:(.text+0x96e): undefined reference to `ub_resolve'
dnssec-plug.c:(.text+0x980): undefined reference to `ub_strerror'
dnssec-plug.c:(.text+0x9a6): undefined reference to `ub_resolve_free'
dnssec-plug.c:(.text+0x9c0): undefined reference to `ub_resolve'
dnssec-plug.c:(.text+0x9d2): undefined reference to `ub_strerror'
dnssec-plug.c:(.text+0xa1a): undefined reference to `ub_resolve_free'
collect2: error: ld returned 1 exit status
projects/DNSSECValidatorPlugin/CMakeFiles/DNSSECValidatorPlugin.dir/build.make:225: recipe for target 'bin/DNSSECValidatorPlugin/npDNSSECValidatorPlugin.so' failed
make[7]: *** [bin/DNSSECValidatorPlugin/npDNSSECValidatorPlugin.so] Error 1
CMakeFiles/Makefile2:437: recipe for target 'projects/DNSSECValidatorPlugin/CMakeFiles/DNSSECValidatorPlugin.dir/all' failed
make[6]: *** [projects/DNSSECValidatorPlugin/CMakeFiles/DNSSECValidatorPlugin.dir/all] Error 2
Makefile:75: recipe for target 'all' failed
make[5]: *** [all] Error 2
Makefile.unix:178: recipe for target 'npapi_x86_64' failed
make[4]: *** [npapi_x86_64] Error 2
Makefile.main:79: recipe for target 'plugin' failed
make[3]: *** [plugin] Error 2
CMakeFiles/RecursiveBuild.dir/build.make:52: recipe for target 'RecursiveBuild' failed
make[2]: *** [RecursiveBuild] Error 2
CMakeFiles/Makefile2:60: recipe for target 'CMakeFiles/RecursiveBuild.dir/all' failed
make[1]: *** [CMakeFiles/RecursiveBuild.dir/all] Error 2
Makefile:72: recipe for target 'all' failed
make: *** [all] Error 2
```
on the back burner
Karel Slaný

https://gitlab.nic.cz/labs/dnssec-validator/-/issues/53
Issues with SNI?
2017-08-23T10:32:07+02:00
Ghost User
I have two websites on the same IP using SNI, both secured with DNSSEC and different TLSA records.
Also the TTL for the A record is only 10s.
Using Firefox, most of the time everything works and both icons show green. However sometimes if I had the first page open for a while then open the other I get a red icon for the TLSA record. However all links on the page work fine (I selected to block if TLSA record is wrong)
Just doing a refresh in the browser does not help.
Closing the browser and opening it again shows both as green again, so it probably is caching something and maybe not using the name but the IP somehow?
The pages in question (slow upstream, be gentle... :-)
* https://k8n.de
* https://chinesisch123.de
on the back burner

https://gitlab.nic.cz/labs/tablexia-old/-/issues/319
Duplicated / missing sound for the Pronásledování rule
2017-10-29T00:26:47+02:00
Andrea Šíchová
Later

https://gitlab.nic.cz/labs/dnssec-validator/-/issues/52
both `dnssec-plug` and `dane-plug` shouldn't fallback to root servers
2017-08-23T10:32:07+02:00
Marek Sebera
I use plugins along with Unbound as my system resolver.
Going to https://bad-sig.dane.verisignlabs.com/ will first try to resolve it through set resolver, and if it fails, it tries again by connecting to root NS (root-servers.net)
There should be option to disable the extension, to use other than set resolver (then it can be used to test system resolver settings)
Issue exists in both binaries (dnssec-plug and dane-plug)
My system is Chrome Canary (version 40), OSX 10.9.5
2.3.0

https://gitlab.nic.cz/labs/dnssec-validator/-/issues/51
AS: plugin's NPAPI methods can not be loaded in Safari 8.0 - OS X Yosemite
2017-11-17T22:57:26+01:00
Martin Straka
May be: Safari 8.0 has bug with loading of NPAPI modules. More info is here.
https://forums.lastpass.com/viewtopic.php?f=7&t=148265&p=496215&hilit=NPAPI
Based on the last info, Safari 8.x and latest does not support NPAPI. The support for this browser will be stopped.
GOOD NEWS: The support for this browser will be continuous.
on the back burner
Martin Straka

https://gitlab.nic.cz/labs/dnssec-validator/-/issues/50
Better warning on validation failure
2017-11-17T22:57:26+01:00
Ghost User
It would be nice if there would be an option to have a proper warning on DNSSEC/TLSA validation failure.
The icons can be easily overlooked.
Some kind of a confirmation dialog requiring explicit user input before allowing the user to do anything else would be great.
2.3.0

https://gitlab.nic.cz/labs/dnssec-validator/-/issues/49
Windows IE version C++ redistributable dependency check - SOLVED
2017-11-17T22:57:26+01:00
Ghost User
On a WinXP 32 bit system without Microsoft Visual C++ 2010 Redistributable Package installed the installation works fine but the plugin doesn't show up in IE8.
Calling the RegPlugin.bat manually results in the following error:
LoadLibrary("ie-dnssec-tlsa-validator.dll") failed - The specified module could not be found.
A note on the download page or a check during the installation would be nice.
If someone has this problem:
Install the c++ redistributable (vcredist_x86.exe) and uninstall/reinstall the validator.
Tested with ie-dnssec-tlsa-validator-2.2.0-windows.exe
on the back burner
Martin Straka

https://gitlab.nic.cz/labs/tablexia-old/-/issues/301
Transition between the office and Lupiči - add a wall, stairs or something similar
2017-10-29T00:26:47+02:00
Andrea Šíchová
Later

https://gitlab.nic.cz/labs/tablexia-old/-/issues/300
Transition between Únos and Hlídka doesn't fit
2017-10-29T00:26:47+02:00
Andrea Šíchová
Later

https://gitlab.nic.cz/labs/tablexia-old/-/issues/282
Statistics - merging the difficulty charts
2017-10-29T00:26:47+02:00
Andrea Šíchová
propose some solutions for merging all three difficulty levels into one chart
Later

https://gitlab.nic.cz/labs/dnssec-validator/-/issues/48
OS X chromium plugin scripts (tlsa and dnssec) fail to install their respective cores
2017-11-17T22:57:27+01:00
Ghost User
This issue affects both tlsa and dnssec installation scripts.
Browsers installed:
- Google Chrome (stable) 37.0.2062.124
- Google Chrome Canary 40.0.2173.0
- Chromium (stable) 37.0.2062.124 (281580)
Platform:
- 10.9.5 (13F34)
Usage:
```
mkdir $TMPDIR/dnssec-validator-tmp
cd $TMPDIR/dnssec-validator-tmp
curl -LsO https://secure.nic.cz/files/dnssec-validator/2.2.0/dnssec-plugin-2.2.0.x-macosx.sh
chmod +x dnssec-plugin-2.2.0.x-macosx.sh
./dnssec-plugin-2.2.0.x-macosx.sh
```
Result:
```
Cannot install chromium extension on OS X.
A CRX file has been created in the current directory.
-n You may now install the file '/var/folders/z3/dwlmgt356wv9gyshgyyvd3bw0000gn/T/jjj/dnssec-pkg.crx' into those browsers:
-n 'Google Chrome'
-e 1) Run the browser.
-e 2) Open the page chrome://extensions/ .
-e 3) Drag and drop the CRX file into the page and accept the notification.
-e 4) Restart the browser.
```
Installing the resulting CRX and restarting the browser (for example, Opera) the settings pane always displays the following error:
The DNSSEC validating core could not be initialised. Please install the DNSSEC validating core in the version matching this extension and then restart your browser.
This seems to indicate the core was not installed, however it is unclear what did or did not happen.
(Minor note: `-e` and `-n` output are bashisms)
2.3.0
Karel Slaný

https://gitlab.nic.cz/labs/dnssec-validator/-/issues/47
CRITICAL! - Firefox sometimes crashes when "DNSSEC/TLSA Validator" extension is installed
2017-11-17T22:57:27+01:00
kolAflash
Firefox sometimes crashes when extension is installed.
I followed these instructions and completely deleted the extension, restarted Firefox, deleted all "extensions.dnssec.*" keys in "about:config" and restarted again before installing version 2.1.2 of the " DNSSEC/TLSA Validator" extension.
https://addons.mozilla.org/de/firefox/addon/dnssec-validator/#detail-relnotes
Software used:
OS: openSUSE 13.1 Linux (x86_64)
Firefox version 32.0 by openSUSE (x86_64)
DNSSEC/TLSA Validator version 2.1.2 (also tried version 2.2.0.1)
Other reports:
1) I've recently had to disable DNSSEC/TLSA validator (v2.2.0.1) when running in Firefox 36.0.4 'cos it seems to cause FF to repeatedly crash. Some more detail: I looked at page "about:crashes" in Firefox and picked out a couple of crash reports - the most recent and one a week ago. What they had in common was the crash reason: EXCEPTION_ACCESS_VIOLATION_READ, and the following dll highlighted in red as a possible culprit: libDNSSECcore-WINNT-x86.dll. I guessed that this might be used by the FF plugin DNSSEC/TLSA validator (v2.2.0.1). So disabled that plugin. Firefox then stopped crashing. Are the developers maintaining this plugin? If so, will they address this problem? I should say, that when the plugin worked, it was of little use to me - so turning it off was no sacrifice.
2) DNSSEC/TLSA Validator 2.2.0.1 Addon for Firefox browser causes a Firefox (version 36.0) crash if you close Firefox before a web page is fully loaded. It's always a plugin-container error.
2.3.0
Karel Slaný

https://gitlab.nic.cz/labs/dnssec-validator/-/issues/46
MF: nsICache has been removed
2017-11-17T22:57:27+01:00
Martin Straka
http://www.janbambas.cz/http-cache-v1-api-disabled/
https://developer.mozilla.org/cs/docs/HTTP_Cache
commit c286e317951e144bd31e33e1e6c173d9a0f9a00f
on the back burner
Martin Straka

https://gitlab.nic.cz/labs/dnssec-validator/-/issues/43
TLSA validation fails on https://adisspr.mfcr.cz/
2017-11-17T22:57:27+01:00
Karel Slaný
The TLSA validation fails with the statement that the domain isn't secured with DNSSEC.
Libunbound returns secured=false nxdomain=true response.
on the back burner
Karel Slaný