On Thu, Jan 11, 2018 at 3:39 AM, Darren Tucker <dtucker@xxxxxxxxxxx> wrote:

> On 11 January 2018 at 07:12, Jonathan Duncan <jonathan@xxxxxxxxxx> wrote:
> > I have been running openSSH 7.4p1 for a while now. When I upgraded to 7.5 a
> > year or so ago I ran into the problem listed in this bug report:
>
> Upgraded how? Built yourself? Configured with which options and
> which version of LDNS?
>

I am on a Mac using Homebrew for package management.

> > 7.4p1
> > debug2: ldns: got 1 answers from DNS
>
> Note the "ldns:" line. This one is built with LDNS.
>

Noted

> > 7.6p1
> >
> > debug3: verify_host_key_dns
>
> Note the lack of the ldns: line. I suspect this one is not built with
> LDNS. You can confirm this with ldd, you should see something like:
>

Good catch. You are correct. Apparently the current versions have removed the ldns option due to a version conflict with openssl@1.1.

ldd does not apply here since I am using Homebrew. Though building my own from source is certainly an option.

> I suspect it's something else. I'd check config.h and your build logs
> to make sure LDNS was actually enabled as you expect.
>

Yes, it is something else. Thank you for the assistance. I will take it from here.

> > Is anyone else having the same problem? (Is anyone else using
> > SSHFP/DNSSEC?)
>
> I just set up DNSSEC for my domain and built 7.6p1 with LDNS 1.7.0 and
> it worked.
>

I am glad to hear it! At my office we quite enjoy the benefits of DNSSEC.

Cheers!

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev