ad flag for RRSIG queries

Marco Davids (SIDN) marco.davids at sidn.nl
Wed Jul 14 08:49:40 UTC 2010


On 07/14/10 00:43, Doug Barton wrote:

>>>> Can anyone explain to me why the 'ad'-flag is set for this query?
>>>>
>>>> dig +dnssec -t RRSIG www.forfunsec.org
>>>
>> I use BIND 9.7.0rc1, configured to work with the IANA testbed.

> I'd be interested to see what happens if you upgrade to the latest
> versions in each branch (the 9.7.x server above
> What you're seeing sounds like a bug, hopefully one that's been fixed
> (as it seems to be in 9.7.1-P1).

I just upgraded one machine to 9.7.1-P1 (configured to use DLV).

Same result...

; <<>> DiG 9.7.1-P1 <<>> +dnssec rrsig www.iis.se @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48545
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.iis.se.			IN	RRSIG

;; ANSWER SECTION:
www.iis.se.		6	IN	RRSIG	A 5 3 60 20100723102502 20100713102502 3932
iis.se. MF5Qq5yBzQ+ZvDvcfGBoVn6ym3EzCOVVqQY2ghVxBoSCQ9Hrh1/0nOj9
39Mr5incAefjg0mXSSvDo9WqFUm1cqUcQ4UJuOoT7VzDiC2OilAxr2xe
fo6pivkNlHGIPzbXjSrq65292YIKgQnPXleTtH4HepUmn6bESQI/ioaB 9xk=

;; AUTHORITY SECTION:
iis.se.			3545	IN	NS	ns2.nic.se.
iis.se.			3545	IN	NS	ns.nic.se.
iis.se.			3545	IN	NS	ns3.nic.se.
iis.se.			3545	IN	RRSIG	NS 5 2 3600 20100723102502 20100713102502 3932
iis.se. JRJ11qCnEFgVFY0ZDfevfd7Colywb7tlgFXWXOjq0ikqCX8lvcIBKbik
RQ+NqwBsHE4aa4E9QLVaruFTg+5tYIKWdonDjk8Kon+8f4oAf9cy9Yjs
Ldg0N6wa2HsTlHAq+EdlvXKgZvs8qCkY87iwkVLqn0bp704yacQhVKIQ yXA=

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 14 04:46:41 2010
;; MSG SIZE  rcvd: 428


dig +short chaos txt version.bind @localhost
"9.7.1-P1"

--
Marco
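
The header condition discussed in this message, as an added example that is not part of the original post or of BIND: Python code that decodes the flag word and question type of a DNS message and reports whether a response to an RRSIG-type question carries the AD bit. The function names and the sample message are constructed here; the sample reuses only the id, flags and question name from the dig output above and omits the answer records.

```python
import struct

# Header flag masks in dig's display order (RFC 1035; AD and CD from RFC 4035).
FLAG_BITS = {"qr": 0x8000, "aa": 0x0400, "tc": 0x0200, "rd": 0x0100,
             "ra": 0x0080, "ad": 0x0020, "cd": 0x0010}
TYPE_RRSIG = 46  # RFC 4034

def build_message(msg_id, flags, qname, qtype):
    """Constructed test input: a 12-byte header plus one IN-class question."""
    wire = b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in qname.rstrip(".").split("."))
    return (struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
            + wire + b"\x00" + struct.pack("!HH", qtype, 1))

def parse_header_and_question(msg):
    """Return (flag names, rcode, qname, qtype) for a single-question message."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(msg):
            raise ValueError("bad label (pointer or truncation)")
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", msg[pos:pos + 2])[0]
    names = [n for n, bit in FLAG_BITS.items() if flags & bit]
    return names, flags & 0x000F, ".".join(labels) + ".", qtype

def ad_set_on_rrsig_query(msg):
    """True when a response to an RRSIG-type question carries the AD bit."""
    names, _rcode, _qname, qtype = parse_header_and_question(msg)
    return qtype == TYPE_RRSIG and "qr" in names and "ad" in names

# Constructed sample mirroring the header shown above: id 48545, qr rd ra ad.
SAMPLE = build_message(48545, 0x81A0, "www.iis.se.", TYPE_RRSIG)

if __name__ == "__main__":
    print(parse_header_and_question(SAMPLE), ad_set_on_rrsig_query(SAMPLE))
```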