On 07/14/10 00:43, Doug Barton wrote:
>>>> Can anyone explain to me why the 'ad'-flag is set for this query?
>>>>
>>>> dig +dnssec -t RRSIG www.forfunsec.org
>>>
>> I use BIND 9.7.0rc1, configured to work with the IANA testbed.
> I'd be interested to see what happens if you upgrade to the latest
> versions in each branch (the 9.7.x server above
> What you're seeing sounds like a bug, hopefully one that's been fixed
> (as it seems to be in 9.7.1-P1).

I just upgraded one machine to 9.7.1-P1 (configured to use DLV). Same result...

; <<>> DiG 9.7.1-P1 <<>> +dnssec rrsig www.iis.se @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48545
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.iis.se.            IN      RRSIG

;; ANSWER SECTION:
www.iis.se.     6       IN      RRSIG   A 5 3 60 20100723102502 20100713102502 3932 iis.se. MF5Qq5yBzQ+ZvDvcfGBoVn6ym3EzCOVVqQY2ghVxBoSCQ9Hrh1/0nOj9 39Mr5incAefjg0mXSSvDo9WqFUm1cqUcQ4UJuOoT7VzDiC2OilAxr2xe fo6pivkNlHGIPzbXjSrq65292YIKgQnPXleTtH4HepUmn6bESQI/ioaB 9xk=

;; AUTHORITY SECTION:
iis.se.         3545    IN      NS      ns2.nic.se.
iis.se.         3545    IN      NS      ns.nic.se.
iis.se.         3545    IN      NS      ns3.nic.se.
iis.se.         3545    IN      RRSIG   NS 5 2 3600 20100723102502 20100713102502 3932 iis.se. JRJ11qCnEFgVFY0ZDfevfd7Colywb7tlgFXWXOjq0ikqCX8lvcIBKbik RQ+NqwBsHE4aa4E9QLVaruFTg+5tYIKWdonDjk8Kon+8f4oAf9cy9Yjs Ldg0N6wa2HsTlHAq+EdlvXKgZvs8qCkY87iwkVLqn0bp704yacQhVKIQ yXA=

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 14 04:46:41 2010
;; MSG SIZE  rcvd: 428

dig +short chaos txt version.bind @localhost
"9.7.1-P1"

-- 
Marco