ad flag for RRSIG queries
Chris Thompson
cet1 at cam.ac.uk
Wed Jul 14 11:52:00 UTC 2010
On Jul 13 2010, Doug Barton wrote:
>On Tue, 13 Jul 2010, Marco Davids (SIDN) wrote:
>
>> Hi,
>>
>> Can anyone explain to me why the 'ad'-flag is set for this query?
>>
>> dig +dnssec -t RRSIG www.forfunsec.org
>
>I'm using 9.7.1-P1 with dlv and I'm not seeing the AD flag on that. What
>version of BIND are you using?
With 9.7.1-P1 (and a trust anchor for dlv.isc.org) on a local workstation
dig +dnssec -t RRSIG www.forfunsec.org @127.0.0.1
initially times out. But after doing
dig +dnssec -t ANY www.forfunsec.org @127.0.0.1
the same command reports the three RRSIG records (for A, AAAA and SSHFP
types) that got into its cache, and it does set the "ad" bit in that
response.
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list