• Welcome to The Network People Support Forums. Please login or sign up.

NicTool 2.12 release

Started by matt, January 05, 2012, 07:44:38 am

Previous topic - Next topic

matt

Hi Christian,

Please post an example or two of the DKIM records that *should* be allowed but currently are not.

If you want to help me and speed up the process, provide:

  • example RRs that are valid (to add to NicToolServer's test suite)

  • pointers to the relevant RFC which demonstrate the validity of the example records



My goal for NicTool is to allow every valid DNS RR, and to reject every invalid one. RFC 1035 is fairly old, fairly strict, and there's already a bunch of exceptions codified into NicTool. I imagine there's more lurking.

matt

Can you provide me with a browser/OS combo that exhibits this behavior?  I always get redirected to the NicTool login page.

Christian Adler

Hi Matt,

I used the DKIM-Creationtool from http://www.dnswatch.info/dkim/create-dns-record and build an example for tnpi.net :-)

mail2012._domainkey.tnpi.net IN TXT "v=DKIM1; p=-----BEGINPUBLICKEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTOTS2cqE974AL+M1JZkSWZR+WkRuaKBm++h/h29sO4XCsK/OpIVHh6pvlu0I4LHEKxkJTffz5Uz8X9BqAlW26HL1JC5oX3jPkvA/S+2QZlj+zOWTMDEU8/h+H9cyDb9qrdOfzE0B0Zv2DsXmmgABQcN5VsYaATMrPSzVDTmDgQIDAQAB-----ENDPUBLICKEY-----; t=y"


The official RFC: 6376

Please have a look at 3.6.2.1:

3.6.2.1. Namespace

   All DKIM keys are stored in a subdomain named "_domainkey".  Given a
   DKIM-Signature field with a "d=" tag of "example.com" and an "s=" tag
   of "foo.bar", the DNS query will be for
   "foo.bar._domainkey.example.com".


Cheers
Christian

matt


matt

This may help:

https://github.com/msimerson/NicTool/commit/f4c1ab908d7e9eae86fea9f68d6088d86aebce54

As I said before, it works for me. If this doesn't fix it for you, provide me with enough details that I can replicate the problem.

Christian Adler

Thanks for the quick service :-)


Do you intend to release a new version with all the patches included?


Cheers
Christian

matt

You bet. I'd like to track down the Apache 500 problem you have as well.  As soon as I have a patch for that applied, I'll roll up 2.13 and release.

Christian Adler

Hmmmm

Just replicate this problem with:

MacOSX 10.7.2
Firefox 9.0.1


Now I will apply your patches and report the result to you.


Cheers
Christian

Christian Adler

Hi Matt,

I want to search for a record in a selected zone, there is no matching record (exact match is NOT marked).

This is the result:

     Illegal modulus zero at /var/httpd/servers/dns.gay-web.de/NicToolClient/lib/NicToolClient.pm line 628.


Could you please recheck this fact?


Cheers
Christian

Christian Adler


matt


Christian Adler

Thanks !!

This patch is already included in 2.13 ?


Cheers
Christian

matt