ad flag for RRSIG queries
Marco Davids (SIDN)
marco.davids at sidn.nl
Wed Jul 14 08:49:40 UTC 2010
On 07/14/10 00:43, Doug Barton wrote:
>>>> Can anyone explain to me why the 'ad'-flag is set for this query?
>>>>
>>>> dig +dnssec -t RRSIG www.forfunsec.org
>>>
>> I use BIND 9.7.0rc1, configured to work with the IANA testbed.
> I'd be interested to see what happens if you upgrade to the latest
> versions in each branch (the 9.7.x server above
> What you're seeing sounds like a bug, hopefully one that's been fixed
> (as it seems to be in 9.7.1-P1).
I just upgraded one machine to 9.7.1-P1 (configured to use DLV).
Same result...
; <<>> DiG 9.7.1-P1 <<>> +dnssec rrsig www.iis.se @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48545
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.iis.se. IN RRSIG
;; ANSWER SECTION:
www.iis.se. 6 IN RRSIG A 5 3 60 20100723102502 20100713102502 3932
iis.se. MF5Qq5yBzQ+ZvDvcfGBoVn6ym3EzCOVVqQY2ghVxBoSCQ9Hrh1/0nOj9
39Mr5incAefjg0mXSSvDo9WqFUm1cqUcQ4UJuOoT7VzDiC2OilAxr2xe
fo6pivkNlHGIPzbXjSrq65292YIKgQnPXleTtH4HepUmn6bESQI/ioaB 9xk=
;; AUTHORITY SECTION:
iis.se. 3545 IN NS ns2.nic.se.
iis.se. 3545 IN NS ns.nic.se.
iis.se. 3545 IN NS ns3.nic.se.
iis.se. 3545 IN RRSIG NS 5 2 3600 20100723102502 20100713102502 3932
iis.se. JRJ11qCnEFgVFY0ZDfevfd7Colywb7tlgFXWXOjq0ikqCX8lvcIBKbik
RQ+NqwBsHE4aa4E9QLVaruFTg+5tYIKWdonDjk8Kon+8f4oAf9cy9Yjs
Ldg0N6wa2HsTlHAq+EdlvXKgZvs8qCkY87iwkVLqn0bp704yacQhVKIQ yXA=
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 14 04:46:41 2010
;; MSG SIZE rcvd: 428
dig +short chaos txt version.bind @localhost
"9.7.1-P1"
--
Marco
More information about the bind-users
mailing list