parental-agent, emtpy DS response ?
Anders Löwinger
anders at abundo.se
Sat Jan 7 21:41:29 UTC 2023
On 2023-01-07 22:22, Mark Andrews wrote:
> I suspect the problem is that the request does not have RD=1 and you are talking to
> recursive servers.
I changed parental-agents to one of the .SE DNS servers.
Jan 07 22:26:48 dns-signer2 named[3428351]: keymgr: checkds DS for key
lowinger.se/ECDSAP384SHA384/59647 seen published at Sat Jan 7 22:26:48
2023
Thanks!
> The following should work except where the authoritative server
> does not implement DNS properly and rejects recursive queries rather than just treating
> the request as not recursive.
>
> diff --git a/lib/dns/zone.c b/lib/dns/zone.c
> index eab42bf8c0e..5b62fa8dc95 100644
> --- a/lib/dns/zone.c
> +++ b/lib/dns/zone.c
> @@ -20704,6 +20704,7 @@ checkds_createmessage(dns_zone_t *zone, dns_message_t **messagep) {
>
> message->opcode = dns_opcode_query;
> message->rdclass = zone->rdclass;
> + message->flags |= DNS_MESSAGEFLAG_RD;
>
> dns_message_gettempname(message, &tempname);
Any reason not making this default?
I don't want to track upstream nameservers... Asking my trusted
resolvers is much easier :)
--
Regards / Med vänlig hälsning
Anders Löwinger, CEO, Abundo AB, +46 72 206 0322
More information about the bind-users
mailing list