Disco verification:
First, reproducing the bug: ubuntu@disco-bind-1825712:~$ apt-cache policy bind9 bind9: Installed: 1:9.11.5.P1+dfsg-1ubuntu2.3 Candidate: 1:9.11.5.P1+dfsg-1ubuntu2.3 Version table: *** 1:9.11.5.P1+dfsg-1ubuntu2.3 500 500 http://br.archive.ubuntu.com/ubuntu disco-updates/main amd64 Packages
Offline test: ubuntu@disco-bind-1825712:~$ dnssec-keygen -a ED25519 example.com dnssec-keygen: fatal: unsupported algorithm: 15
Online test returns "unsigned answer", as expected: ubuntu@disco-bind-1825712:~$ delv +dnssec +multiline @127.0.0.1 ed25519.nl ;; validating ed25519.nl/A: no valid signature found ; unsigned answer ed25519.nl. 3600 IN A 77.72.150.82 ed25519.nl. 3200171710 IN RRSIG A 15 2 3600 ( 20190523000000 20190502000000 27662 ed25519.nl. 3y59a9G5rk/CMh36BPqonn2NjILp12SDmeQGloaUD5go e5A+Q6TsD7fDU9Bj3DtP6SqBturCFCxcUDzLeCp4AQ== )
Now with the updated packages: ubuntu@disco-bind-1825712:~$ apt-cache policy bind9 bind9: Installed: 1:9.11.5.P1+dfsg-1ubuntu2.4 Candidate: 1:9.11.5.P1+dfsg-1ubuntu2.4 Version table: *** 1:9.11.5.P1+dfsg-1ubuntu2.4 500 500 http://br.archive.ubuntu.com/ubuntu disco-proposed/main amd64 Packages
Offline test succeeds: ubuntu@disco-bind-1825712:~$ dnssec-keygen -a ED25519 example.com Generating key pair. Kexample.com.+015+18445
Online test returns "fully validated": ubuntu@disco-bind-1825712:~$ delv +dnssec +multiline @127.0.0.1 ed25519.nl ; fully validated ed25519.nl. 3600 IN A 77.72.150.82 ed25519.nl. 3600 IN RRSIG A 15 2 3600 ( 20190523000000 20190502000000 27662 ed25519.nl. 3y59a9G5rk/CMh36BPqonn2NjILp12SDmeQGloaUD5go e5A+Q6TsD7fDU9Bj3DtP6SqBturCFCxcUDzLeCp4AQ== )
Disco verification succeeded.
Disco verification:
First, reproducing the bug: disco-bind- 1825712: ~$ apt-cache policy bind9 5.P1+dfsg- 1ubuntu2. 3 5.P1+dfsg- 1ubuntu2. 3 5.P1+dfsg- 1ubuntu2. 3 500 br.archive. ubuntu. com/ubuntu disco-updates/main amd64 Packages
ubuntu@
bind9:
Installed: 1:9.11.
Candidate: 1:9.11.
Version table:
*** 1:9.11.
500 http://
Offline test: disco-bind- 1825712: ~$ dnssec-keygen -a ED25519 example.com
ubuntu@
dnssec-keygen: fatal: unsupported algorithm: 15
Online test returns "unsigned answer", as expected: disco-bind- 1825712: ~$ delv +dnssec +multiline @127.0.0.1 ed25519.nl CMh36BPqonn2NjI Lp12SDmeQGloaUD 5go Q6TsD7fDU9Bj3Dt P6SqBturCFCxcUD zLeCp4AQ= = )
ubuntu@
;; validating ed25519.nl/A: no valid signature found
; unsigned answer
ed25519.nl. 3600 IN A 77.72.150.82
ed25519.nl. 3200171710 IN RRSIG A 15 2 3600 (
20190523000000 20190502000000 27662 ed25519.nl.
3y59a9G5rk/
e5A+
Now with the updated packages: disco-bind- 1825712: ~$ apt-cache policy bind9 5.P1+dfsg- 1ubuntu2. 4 5.P1+dfsg- 1ubuntu2. 4 5.P1+dfsg- 1ubuntu2. 4 500 br.archive. ubuntu. com/ubuntu disco-proposed/main amd64 Packages
ubuntu@
bind9:
Installed: 1:9.11.
Candidate: 1:9.11.
Version table:
*** 1:9.11.
500 http://
Offline test succeeds: disco-bind- 1825712: ~$ dnssec-keygen -a ED25519 example.com com.+015+ 18445
ubuntu@
Generating key pair.
Kexample.
Online test returns "fully validated": disco-bind- 1825712: ~$ delv +dnssec +multiline @127.0.0.1 ed25519.nl CMh36BPqonn2NjI Lp12SDmeQGloaUD 5go Q6TsD7fDU9Bj3Dt P6SqBturCFCxcUD zLeCp4AQ= = )
ubuntu@
; fully validated
ed25519.nl. 3600 IN A 77.72.150.82
ed25519.nl. 3600 IN RRSIG A 15 2 3600 (
20190523000000 20190502000000 27662 ed25519.nl.
3y59a9G5rk/
e5A+
Disco verification succeeded.