Using bind 9.7.1. w/ IANA test bed and not DLV: dig +dnssec rrsig www.iis.se
; <<>> DiG 9.7.1 <<>> +dnssec rrsig www.iis.se ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49621 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1280 ;; QUESTION SECTION: ;www.iis.se. IN RRSIG ;; ANSWER SECTION: www.iis.se. 60 IN RRSIG NSEC 5 3 14400 20100723102502 20100713102502 3932 iis.se. n+0mfgfl9Ov76DZlF6BZoyGNJSc3GX/RFTaWOVStNIqPPGW13b/zuvBr ml3g556jt6GibbVp5apJ3FuQeqI9v6U4SOA36AqjhE5zMhbx2w+gAyez 5DDPyr1NOCC6E0f0cPGYj48O/aNIEXJKjyTJ0vwuwwLYiDt7jI8CNxcD Zec= www.iis.se. 60 IN RRSIG AAAA 5 3 3600 20100723102502 20100713102502 3932 iis.se. EOM2vHFm1XrQYe3xyiT+CCLU49XljlFpZzFUKZZWZb2l6hRjh9OnrTYJ bP817UA2OgKEs4Pdp6ZugQIiYhAViRd6EMlMPSyb+9YHCMioQ7JLrxfY D9K4BJOAmtBFpzL4laG5SltCx9FEesIWAYOySApVmM+uTBoRDXBHK23Z 9aw= www.iis.se. 60 IN RRSIG A 5 3 60 20100723102502 20100713102502 3932 iis.se. MF5Qq5yBzQ+ZvDvcfGBoVn6ym3EzCOVVqQY2ghVxBoSCQ9Hrh1/0nOj9 39Mr5incAefjg0mXSSvDo9WqFUm1cqUcQ4UJuOoT7VzDiC2OilAxr2xe fo6pivkNlHGIPzbXjSrq65292YIKgQnPXleTtH4HepUmn6bESQI/ioaB 9xk= and the other domain dig +dnssec -t RRSIG www.forfunsec.org ; <<>> DiG 9.7.1 <<>> +dnssec -t RRSIG www.forfunsec.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8864 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1280 ;; QUESTION SECTION: ;www.forfunsec.org. IN RRSIG ;; ANSWER SECTION: www.forfunsec.org. 3291 IN RRSIG AAAA 7 3 36000 20100813101841 20100714101841 50402 forfunsec.org. ixahCFi//d5CBf0ScxkwcYSCZv+RhfckdVscoVLxov6BGQ8F+skuy/AS WB69Dt9Q5uKjFGPNLmAnBbLL+f5ShQ/0VXAoyHCKRtiBofNFDK19VfvI y03pKjRYhAewZq5ztNzmMWH6pI014l4t6FX+Axj0dRWown6Ep0+MRYJF pGg= www.forfunsec.org. 3291 IN RRSIG SSHFP 7 3 86400 20100813101841 20100714101841 50402 forfunsec.org. diOATJqAlbwIljg6ZcFxpsMPObTo8wmXyMORzZxErWxnFbpcks+ePx1t cmxKvmTKTGJ15yVab6aV+BLbxKwpIHeXLttBvWVH49twAeQrurnHmOfE UPSUzxu7bpG2czbNXk2bKuG8MyRC6Oep50sY1/ZdzAv0PN6BUokEAyJG PvQ= www.forfunsec.org. 3291 IN RRSIG A 7 3 3600 20100813101841 20100714101841 50402 forfunsec.org. Gkk25aX2wRSwwEqAvazUqmdWXW9P7iW/j2LcRbuUnJnEleQYr2OWuLNf 60spJ2xFI7zD10DQcgXBnjU4lf4qozOd9w9iNzzAqFOyZ5EftSv0j2Go BZZQWAztx/JLoFyLC8EkygySl4APxWTxbb5J4FWyMuSRlG392DBDL/GS 4FI= So it looks ok from my box. On 14/07/10 10:49 AM, "Marco Davids (SIDN)" <marco.dav...@sidn.nl> wrote: > On 07/14/10 00:43, Doug Barton wrote: > >>>>> Can anyone explain to me why the 'ad'-flag is set for this query? >>>>> >>>>> dig +dnssec -t RRSIG www.forfunsec.org >>>> >>> I use BIND 9.7.0rc1, configured to work with the IANA testbed. > >> I'd be interested to see what happens if you upgrade to the latest >> versions in each branch (the 9.7.x server above >> What you're seeing sounds like a bug, hopefully one that's been fixed >> (as it seems to be in 9.7.1-P1). > > I just upgraded one machine to 9.7.1-P1 (configured to use DLV). > > Same result... > > ; <<>> DiG 9.7.1-P1 <<>> +dnssec rrsig www.iis.se @localhost > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48545 > ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags: do; udp: 4096 > ;; QUESTION SECTION: > ;www.iis.se. IN RRSIG > > ;; ANSWER SECTION: > www.iis.se. 6 IN RRSIG A 5 3 60 20100723102502 20100713102502 3932 > iis.se. MF5Qq5yBzQ+ZvDvcfGBoVn6ym3EzCOVVqQY2ghVxBoSCQ9Hrh1/0nOj9 > 39Mr5incAefjg0mXSSvDo9WqFUm1cqUcQ4UJuOoT7VzDiC2OilAxr2xe > fo6pivkNlHGIPzbXjSrq65292YIKgQnPXleTtH4HepUmn6bESQI/ioaB 9xk= > > ;; AUTHORITY SECTION: > iis.se. 3545 IN NS ns2.nic.se. > iis.se. 3545 IN NS ns.nic.se. > iis.se. 3545 IN NS ns3.nic.se. > iis.se. 3545 IN RRSIG NS 5 2 3600 20100723102502 20100713102502 3932 > iis.se. JRJ11qCnEFgVFY0ZDfevfd7Colywb7tlgFXWXOjq0ikqCX8lvcIBKbik > RQ+NqwBsHE4aa4E9QLVaruFTg+5tYIKWdonDjk8Kon+8f4oAf9cy9Yjs > Ldg0N6wa2HsTlHAq+EdlvXKgZvs8qCkY87iwkVLqn0bp704yacQhVKIQ yXA= > > ;; Query time: 0 msec > ;; SERVER: 127.0.0.1#53(127.0.0.1) > ;; WHEN: Wed Jul 14 04:46:41 2010 > ;; MSG SIZE rcvd: 428 > > > dig +short chaos txt version.bind @localhost > "9.7.1-P1" > > -- > Marco > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Kal Feher _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
