ad flag for RRSIG queries
Kalman Feher
kalman.feher at melbourneit.com.au
Wed Jul 14 13:51:03 UTC 2010
Using the ORG trust anchor from the ITAR yields the following result on
9.7.1 (no P1 patch). No initial time out.
# dig +dnssec -t RRSIG www.forfunsec.org
; <<>> DiG 9.7.1 <<>> +dnssec -t RRSIG www.forfunsec.org
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 1280
;www.forfunsec.org. IN RRSIG
www.forfunsec.org. 3599 IN RRSIG A 7 3 3600 20100813101841
20100714101841 50402 forfunsec.org.
Gkk25aX2wRSwwEqAvazUqmdWXW9P7iW/j2LcRbuUnJnEleQYr2OWuLNf
60spJ2xFI7zD10DQcgXBnjU4lf4qozOd9w9iNzzAqFOyZ5EftSv0j2Go
BZZQWAztx/JLoFyLC8EkygySl4APxWTxbb5J4FWyMuSRlG392DBDL/GS 4FI=
www.forfunsec.org. 3599 IN RRSIG AAAA 7 3 36000
20100813101841 20100714101841 50402 forfunsec.org.
ixahCFi//d5CBf0ScxkwcYSCZv+RhfckdVscoVLxov6BGQ8F+skuy/AS
WB69Dt9Q5uKjFGPNLmAnBbLL+f5ShQ/0VXAoyHCKRtiBofNFDK19VfvI
y03pKjRYhAewZq5ztNzmMWH6pI014l4t6FX+Axj0dRWown6Ep0+MRYJF pGg=
www.forfunsec.org. 3599 IN RRSIG SSHFP 7 3 86400
20100813101841 20100714101841 50402 forfunsec.org.
diOATJqAlbwIljg6ZcFxpsMPObTo8wmXyMORzZxErWxnFbpcks+ePx1t
cmxKvmTKTGJ15yVab6aV+BLbxKwpIHeXLttBvWVH49twAeQrurnHmOfE
UPSUzxu7bpG2czbNXk2bKuG8MyRC6Oep50sY1/ZdzAv0PN6BUokEAyJG PvQ=
On 14/07/10 3:34 PM, "Tony Finch" <dot at dotat.at> wrote:
> On Wed, 14 Jul 2010, Chris Thompson wrote:
>>
>> With 9.7.1-P1 (and a trust anchor for dlv.isc.org) on a local workstation
>>
>> dig +dnssec -t RRSIG www.forfunsec.org @127.0.0.1
>>
>> initially times out. But after doing
>>
>> dig +dnssec -t ANY www.forfunsec.org @127.0.0.1
>>
>> the same command reports the three RRSIG records (for A, AAAA and SSHFP
>> types) that got into its cache, and it does set the "ad" bit in that
>> response.
>
> I see the same for bind-9.7.1.
>
> Was a release announcement sent out for 9.7.1-P1? We didn't receive one here.
>
> Tony.
--
Kal Feher
More information about the bind-users
mailing list