In message <507e1c73.6050...@riseup.net>, pangj writes: > Hi, > > $ dig +dnssec udp53.org soa > > ; <<>> DiG 9.6.1-P2 <<>> +dnssec udp53.org soa > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37254 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 11 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags: do; udp: 4096 > ;; QUESTION SECTION: > ;udp53.org. IN SOA > > ;; ANSWER SECTION: > udp53.org. 3600 IN SOA blox.wetworks.org. > alan.clegg.com. 1259962123 86400 3600 2419200 300 > udp53.org. 3600 IN RRSIG SOA 8 2 3600 > 20121030214830 20121016204830 48948 udp53.org. > eVftM2Iu4Q/pn0AVW3EXYricq2BagrleTAbQvAtbqOOj3UgSzQHwxR/i > 2zOTayebAx65K7mDql1qXaXUh7GAj1fmjKiaf1YR4QR1RHg2tV5dFEuP > j6bha3QD0YfxS8pPGywsNeLn+6BwM2FrSOKefvc1S/GAv6y9ei/gj8qG 94Y= > > > from the result above, I didn't see a AD flag setted. why?
There is no DS for udp53.org so there is no secure trust chain. > The nameserver in /etc/resolv.conf is 119.147.163.133 which is a > stardard BIND. > $ dig txt chaos version.bind @119.147.163.133 +short > "9.6.1-P2" Upgrade. BIND 9.6.1-P2 is seriously out of date and has known security vulnerabilities. The current release on the BIND 9.6 train is 9.6-ESV-R8 which is about 12 maintainance releases futher on than the code you are running. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
