On Wed, 14 Jul 2010, Marco Davids (SIDN) wrote:
On 07/13/10 23:58, Doug Barton wrote:
Can anyone explain to me why the 'ad'-flag is set for this query?
dig +dnssec -t RRSIG www.forfunsec.org
I'm using 9.7.1-P1 with dlv and I'm not seeing the AD flag on that. What
version of BIND are you using?
Hi Doug,
I use BIND 9.7.0rc1, configured to work with the IANA testbed.
You shouldn't use release candidates after the release is done. :)
I'd be interested to see what happens if you upgrade to the latest
versions in each branch (the 9.7.x server above, and the 9.6.x below).
What you're seeing sounds like a bug, hopefully one that's been fixed
(as it seems to be in 9.7.1-P1).
Doug
dig +dnssec rrsig www.forfunsec.org @149.20.64.20
has the AD flag too, though. It run's BIND 9.6.1-P2. (DNS-OARC
validating resolvers),
The other one, 149.20.64.21, doesn't have it (Unbound)
Regards
--
Marco
--
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/
Computers are useless. They can only give you answers.
-- Pablo Picasso
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
