On Jul 13 2010, Doug Barton wrote:
On Tue, 13 Jul 2010, Marco Davids (SIDN) wrote:
Hi,
Can anyone explain to me why the 'ad'-flag is set for this query?
dig +dnssec -t RRSIG www.forfunsec.org
I'm using 9.7.1-P1 with dlv and I'm not seeing the AD flag on that. What
version of BIND are you using?
With 9.7.1-P1 (and a trust anchor for dlv.isc.org) on a local workstation
dig +dnssec -t RRSIG www.forfunsec.org @127.0.0.1
initially times out. But after doing
dig +dnssec -t ANY www.forfunsec.org @127.0.0.1
the same command reports the three RRSIG records (for A, AAAA and SSHFP
types) that got into its cache, and it does set the "ad" bit in that
response.
--
Chris Thompson
Email: c...@cam.ac.uk
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users