Closed ProgrammerBruce closed 9 months ago
Thanks for the feedback and the scare. I tested it and you are right that the hashes do not match. But, the files on the server when downloaded via SSH did match the published hash.
Further checking the issue it was found that the nginx web server config was causing it due to the gzip_types *
directive. When gzip was turned off, the downloaded file hash matched the one that was published. Checked the files again and looks like when gzip is on, nginx would decompress the tar.gz
file and then gzip the tar
again by itself which caused the hash to change. This affected all gz
file downloads on the web server.
So, updated the config to gzip only specific types instead of all types and its working well. Do test it again to confirm.
Confirmed: Hashes between main site download, archive download, and main site page text all match: e912a8347dc6ba81069d5aa807ad16729499bca8ecb035b6345d93dd7e02b185
As of 2024-01-24, the website https://technitium.com/dns/ lists version 11.5.3 for download. The link to download DnsServerPortable.tar.gz matches version 11.5.3 from the https://download.technitium.com/dns/archive/ listing, verified via SHA256 hash. The website lists that the SHA256 hash for DnsServerPortable.tar.gz version 11.5.3 is: E912A8347DC6BA81069D5AA807AD16729499BCA8ECB035B6345D93DD7E02B185 The actual SHA256 hash for the current DnsServerPortable.tar.gz version 11.5.3 is: d2f0d758c80fe9a53d60dc612af0494d1ece1617d187e1fa2231175589514dbe
As listed on the website, the SHA256 hash starting E912 does not match any of the 11.5.? versions of DnsServerPortable.tar.gz as available via the archive listing.
(VirusTotal lists clean scans for files with both of these hashes.)