Question regarding delv and custom local trust anchor

Evan Hunt each at isc.org
Thu Jun 8 22:20:26 UTC 2023


On Thu, Jun 08, 2023 at 07:57:12PM +0000, Evan Hunt wrote:
> So, I'm guessing systemd-resolved is choking on the EDNS COOKIE option.
> This needs to be reported as a bug to the systemd maintainers. And, maybe
> delv should have a +nocookie option.

Hmm, on further inspection, I was wrong about this - the COOKIE isn't the
problem.  It seems to be sending back NOTIMP if you specify the CD and DO
bits (i.e., +cd and +dnssec) in the same query.

I had added the +cd flag to the query because I was seeing SERVFAIL on a
query for the .org DS record. I guessed that this was caused by an upstream
validation problem, and I may have been right about that, but we can't
bypass it with +cd because of this NOTIMP bug.

So... I'm not sure what the specific problem is now, but the general
problem does appear to be systemd-resolved.

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
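
Added example, not part of the original message: a small probe that sends the same query with each combination of the CD header bit (+cd) and the EDNS DO bit (+dnssec) and reports the RCODE, to confirm whether a resolver answers NOTIMP only when both are set. The address 127.0.0.53 (the systemd-resolved stub listener), the `org` DS query defaults, and all function names are assumptions made for this sketch.

```python
import socket
import struct

RD_FLAG = 0x0100   # Recursion Desired (header)
CD_FLAG = 0x0010   # Checking Disabled (header), what +cd sets
DO_FLAG = 0x8000   # DNSSEC OK (EDNS flags in the OPT record), what +dnssec sets
TYPE_DS, TYPE_OPT, CLASS_IN = 43, 41, 1
NOTIMP = 4         # RCODE 4, "Not Implemented"


def build_query(name, qtype=TYPE_DS, cd=False, do=False, qid=0x1234):
    """Wire-format query for `name` with an OPT record and the chosen bits."""
    flags = RD_FLAG | (CD_FLAG if cd else 0)
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 1)  # 1 question, 1 OPT
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, CLASS_IN)
    # OPT: root name, TYPE, UDP size (CLASS), ext-rcode, version, flags, RDLEN
    edns_flags = DO_FLAG if do else 0
    opt = b"\x00" + struct.pack("!HHBBHH", TYPE_OPT, 1232, 0, 0, edns_flags, 0)
    return header + question + opt


def rcode(response):
    """Low four RCODE bits from the header; enough to recognise NOTIMP (4)."""
    return struct.unpack("!H", response[2:4])[0] & 0x000F


def probe(server, name="org", port=53, timeout=3.0):
    """Send all four CD/DO combinations and return {(cd, do): rcode or None}."""
    results = {}
    for cd in (False, True):
        for do in (False, True):
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                try:
                    s.sendto(build_query(name, cd=cd, do=do), (server, port))
                    results[(cd, do)] = rcode(s.recvfrom(4096)[0])
                except OSError:
                    results[(cd, do)] = None  # timeout or unreachable
    return results


if __name__ == "__main__":
    # Assumed address: systemd-resolved's stub listener; change as needed.
    for (cd, do), rc in probe("127.0.0.53").items():
        note = "NOTIMP" if rc == NOTIMP else rc
        print(f"CD={int(cd)} DO={int(do)} -> rcode {note}")
```

Every query carries an OPT record, so the only variables between the four probes are the CD and DO bits.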

