ad flag for RRSIG queries
Doug Barton
dougb at dougbarton.us
Tue Jul 13 22:43:24 UTC 2010
On Wed, 14 Jul 2010, Marco Davids (SIDN) wrote:
> On 07/13/10 23:58, Doug Barton wrote:
>
>>> Can anyone explain to me why the 'ad'-flag is set for this query?
>>>
>>> dig +dnssec -t RRSIG www.forfunsec.org
>>
>> I'm using 9.7.1-P1 with dlv and I'm not seeing the AD flag on that. What
>> version of BIND are you using?
>>
>
> Hi Doug,
>
> I use BIND 9.7.0rc1, configured to work with the IANA testbed.
You shouldn't use release candidates after the release is done. :)
I'd be interested to see what happens if you upgrade to the latest
versions in each branch (the 9.7.x server above, and the 9.6.x below).
What you're seeing sounds like a bug, hopefully one that's been fixed
(as it seems to be in 9.7.1-P1).
Doug
> dig +dnssec rrsig www.forfunsec.org @149.20.64.20
>
> has the AD flag too, though. It run's BIND 9.6.1-P2. (DNS-OARC
> validating resolvers),
>
> The other one, 149.20.64.21, doesn't have it (Unbound)
>
> Regards
>
> --
> Marco
>
--
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/
Computers are useless. They can only give you answers.
-- Pablo Picasso
More information about the bind-users
mailing list