How to get AD flag
bramesh80 at gmail.com
Fri Aug 2 05:48:25 UTC 2013
This is the response I get:
dig +short rs.dns-oarc.net txt @<forwarderip>
"18.104.22.168 sent EDNS buffer size 4096"
"22.214.171.124 DNS reply size limit is at least 3843 bytes"
On Fri, Aug 2, 2013 at 11:11 AM, David Newman <dnewman at networktest.com> wrote:
> On 8/1/13 10:19 PM, rams wrote:
> > I have 9.7 bind installed and configured recursive. When I query
> > against forwarder I am not getting AD flag but remaining answer is
> > correct for signed query. Could you please guide me how to get AD flag.
> > Already I have enabled dnssec-validation and dnssec-enabled.
> It's possible your forwarder has a bug that doesn't return DNSSEC
> responses (this is the case with one of our registrars' secondaries), or
> there may be a network problem.
> Try the dns-oarc reply size test against your forwarder:
> $ dig +short rs.dns-oarc.net txt @address_of_your_forwarder
> DNSSEC nameservers should not truncate or fragment responses, and should
> support EDNS and UDP and TCP responses. Fix any problems here first
> before doing DNSSEC debugging.
> You might also try querying other nameservers (e.g., Google's at
> 126.96.36.199) and check the flags there.
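
The header flags and EDNS fields discussed in this thread, shown at the wire level as an added example that is not part of the original messages. The function names, message ID and the sample response headers are constructed for illustration; the bit positions are those defined in RFC 1035, RFC 3225 and RFC 4035.

```python
import struct

# DNS header flag masks (RFC 1035, RFC 4035)
QR, TC, RD, RA, AD, CD = 0x8000, 0x0200, 0x0100, 0x0080, 0x0020, 0x0010
DO = 0x8000        # "DNSSEC OK" bit carried in the OPT record's TTL field (RFC 3225)
TYPE_OPT = 41

def build_query(name, qtype=1, bufsize=4096, msg_id=0x1234):
    """Recursive query with an EDNS0 OPT record advertising bufsize and DO."""
    header = struct.pack("!6H", msg_id, RD, 1, 0, 0, 1)  # 1 question, 1 additional
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!2H", qtype, 1)       # class IN
    # OPT RR: root owner, TYPE 41, CLASS = UDP payload size, TTL = flags, no RDATA
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, bufsize, DO, 0)
    return header + question + opt

def parse_flags(msg):
    """Decode the flag word at bytes 2-3 of a DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    flags = struct.unpack("!H", msg[2:4])[0]
    return {"qr": bool(flags & QR), "tc": bool(flags & TC), "ra": bool(flags & RA),
            "ad": bool(flags & AD), "cd": bool(flags & CD), "rcode": flags & 0x000F}

def diagnose(msg):
    """Triage a response in the order suggested above: transport first, then AD."""
    f = parse_flags(msg)
    if not f["qr"]:
        return "not a response"
    if f["tc"]:
        return "truncated: retry over TCP"
    if f["rcode"] == 2:
        return "SERVFAIL: possible validation failure"
    if not f["ra"]:
        return "server does not offer recursion"
    return "validated (AD set)" if f["ad"] else "answered, but AD clear"

def sample_response(flags):
    """Constructed 12-byte response header carrying the given flag word."""
    return struct.pack("!6H", 0x1234, flags, 1, 1, 0, 1)

if __name__ == "__main__":
    for flags in (0x81A0, 0x8180, 0x8380, 0x8182):
        print(hex(flags), diagnose(sample_response(flags)))
```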