querylog format
Jeff Peng
pengyh at inbox.com
Tue Jun 7 05:32:45 UTC 2011
Thanks michael.
That's right for me.
> -----Original Message-----
> From: michael at rancid.berkeley.edu
> Sent: Mon, 06 Jun 2011 20:41:03 -0700
> To: pengyh at inbox.com
> Subject: Re: querylog format
>
> On 6/6/11 8:09 PM, Jeff Peng wrote:
>> Hello,
>>
>> The querylog of BIND in my hosts is like:
>>
>> client 58.240.56.18#16768: query: s18.mhxx.game.yy.com IN A -EDC
>>
>> For the last part, I know the '-' means non-recursion,'E' means EDNS.
>> But what are the 'D' and 'C' flags?
>
> D = DO (DNSSEC Okay), client is requesting DNSSEC records and AD bit set
> if server is doing validation and can validate the zone
>
> C = CD (Checking Disabled), client does not want the server to do
> validation on the response, but to return it regardless.
>
> Although setting both flags sounds contradictory, it makes some sense
> where a validating forwarding resolver wants to do its own validation
> and enforce its own policy for dealing with valid/insecure/bogus zones.
>
> michael
____________________________________________________________
FREE 3D EARTH SCREENSAVER - Watch the Earth right on your desktop!
Check it out at http://www.inbox.com/earth
More information about the bind-users
mailing list