Dear Turris testers,
we just released Turris OS 3.7.4 into RC branch. It is already tested but we would like to test it more
It fixes a critical DNSSEC flaw. Signatures might be accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it, assuming the trust chain to that DNSKEY was valid.
The whole Turris team wishes you happy testing and we are looking forward to reading your feedback!
No, currently it doesn’t work. It used to be blocked by non-support of the platform by luajit; that might be solved by recent changes on their master, but we haven’t verified that yet.