Using the ORG trust anchor from the ITAR yields the following result on 9.7.1 (no P1 patch). No initial time out.
# dig +dnssec -t RRSIG www.forfunsec.org ; <<>> DiG 9.7.1 <<>> +dnssec -t RRSIG www.forfunsec.org ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ; EDNS: version: 0, flags:; udp: 1280 ;www.forfunsec.org. IN RRSIG www.forfunsec.org. 3599 IN RRSIG A 7 3 3600 20100813101841 20100714101841 50402 forfunsec.org. Gkk25aX2wRSwwEqAvazUqmdWXW9P7iW/j2LcRbuUnJnEleQYr2OWuLNf 60spJ2xFI7zD10DQcgXBnjU4lf4qozOd9w9iNzzAqFOyZ5EftSv0j2Go BZZQWAztx/JLoFyLC8EkygySl4APxWTxbb5J4FWyMuSRlG392DBDL/GS 4FI= www.forfunsec.org. 3599 IN RRSIG AAAA 7 3 36000 20100813101841 20100714101841 50402 forfunsec.org. ixahCFi//d5CBf0ScxkwcYSCZv+RhfckdVscoVLxov6BGQ8F+skuy/AS WB69Dt9Q5uKjFGPNLmAnBbLL+f5ShQ/0VXAoyHCKRtiBofNFDK19VfvI y03pKjRYhAewZq5ztNzmMWH6pI014l4t6FX+Axj0dRWown6Ep0+MRYJF pGg= www.forfunsec.org. 3599 IN RRSIG SSHFP 7 3 86400 20100813101841 20100714101841 50402 forfunsec.org. diOATJqAlbwIljg6ZcFxpsMPObTo8wmXyMORzZxErWxnFbpcks+ePx1t cmxKvmTKTGJ15yVab6aV+BLbxKwpIHeXLttBvWVH49twAeQrurnHmOfE UPSUzxu7bpG2czbNXk2bKuG8MyRC6Oep50sY1/ZdzAv0PN6BUokEAyJG PvQ= On 14/07/10 3:34 PM, "Tony Finch" <d...@dotat.at> wrote: > On Wed, 14 Jul 2010, Chris Thompson wrote: >> >> With 9.7.1-P1 (and a trust anchor for dlv.isc.org) on a local workstation >> >> dig +dnssec -t RRSIG www.forfunsec.org @127.0.0.1 >> >> initially times out. But after doing >> >> dig +dnssec -t ANY www.forfunsec.org @127.0.0.1 >> >> the same command reports the three RRSIG records (for A, AAAA and SSHFP >> types) that got into its cache, and it does set the "ad" bit in that >> response. > > I see the same for bind-9.7.1. > > Was a release announcement sent out for 9.7.1-P1? We didn't receive one here. > > Tony. -- Kal Feher _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
