parental-agent, empty DS response?

Anders Löwinger anders at abundo.se
Sat Jan 7 21:41:29 UTC 2023


On 2023-01-07 22:22, Mark Andrews wrote:
> I suspect the problem is that the request does not have RD=1 and you are talking to
> recursive servers.

I changed parental-agents to one of the .SE DNS servers.

Jan 07 22:26:48 dns-signer2 named[3428351]: keymgr: checkds DS for key 
lowinger.se/ECDSAP384SHA384/59647 seen published at Sat Jan  7 22:26:48 
2023

Thanks!


> The following should work except where the authoritative server
> does not implement DNS properly and rejects recursive queries rather than just treating
> the request as not recursive.
>
> diff --git a/lib/dns/zone.c b/lib/dns/zone.c
> index eab42bf8c0e..5b62fa8dc95 100644
> --- a/lib/dns/zone.c
> +++ b/lib/dns/zone.c
> @@ -20704,6 +20704,7 @@ checkds_createmessage(dns_zone_t *zone, dns_message_t **messagep) {
>   
>          message->opcode = dns_opcode_query;
>          message->rdclass = zone->rdclass;
> +       message->flags |= DNS_MESSAGEFLAG_RD;
>   
>          dns_message_gettempname(message, &tempname);
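
Review bot: the added `message->flags |= DNS_MESSAGEFLAG_RD;` in checkds_createmessage() sets RD on every checkds query unconditionally and carries no comment saying why. The text introducing the patch already notes that an authoritative server which rejects recursive queries would no longer work, so the change trades one failure case for another. Add a comment stating that RD is set so that recursive servers listed as parental-agents will answer, and consider whether the flag should depend on the kind of server being queried rather than always being set.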

Any reason for not making this the default?

I don't want to track upstream nameservers... Asking my trusted 
resolvers is much easier :)


-- 
Regards / Med vänlig hälsning
Anders Löwinger, CEO, Abundo AB, +46 72 206 0322


