On 2023-01-07 22:22, Mark Andrews wrote:
I suspect the problem is that the request does not have RD=1 and you are talking to recursive servers.
I changed parental-agents to one of the .SE DNS servers.
Jan 07 22:26:48 dns-signer2 named[3428351]: keymgr: checkds DS for key lowinger.se/ECDSAP384SHA384/59647 seen published at Sat Jan 7 22:26:48 2023
Thanks!
The following should work except where the authoritative server does not implement DNS properly and rejects recursive queries rather than just treating the request as not recursive.
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index eab42bf8c0e..5b62fa8dc95 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -20704,6 +20704,7 @@ checkds_createmessage(dns_zone_t *zone, dns_message_t
**messagep) {
message->opcode = dns_opcode_query;
message->rdclass = zone->rdclass;
+ message->flags |= DNS_MESSAGEFLAG_RD;
dns_message_gettempname(message, &tempname);
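Review bot: the added `message->flags |= DNS_MESSAGEFLAG_RD;` in checkds_createmessage() sets RD on every checkds query, unconditionally and without a comment. The accompanying text already notes that some authoritative servers reject queries carrying RD rather than treating them as non-recursive, so a parental agent of that kind would stop answering once this lands. Consider a short comment saying RD is set so that parental-agents pointing at recursive servers can answer, and consider whether the flag should be selectable per parental agent instead of always on.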
Any reason for not making this the default?
I don't want to track upstream nameservers... Asking my trusted resolvers is much easier :)
--
Regards / Med vänlig hälsning
Anders Löwinger, CEO, Abundo AB, +46 72 206 0322
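
As an added illustration (not part of the original thread and not BIND's code), this Python example builds the DS query for the zone in the log line with RD clear and with RD set, the header bit the patch turns on, and classifies a reply from its header alone. The response samples are constructed and header-only, and the classification labels are assumptions made for the example.

```python
import struct

# DNS header flag bits (RFC 1035 section 4.1.1) as 16-bit masks.
FLAG_QR, FLAG_AA, FLAG_RD, FLAG_RA = 0x8000, 0x0400, 0x0100, 0x0080
TYPE_DS, CLASS_IN = 43, 1
RCODE_REFUSED = 5


def build_ds_query(zone, rd, qid=0x1234):
    """Return the wire-format DS query for `zone`, with or without RD."""
    flags = FLAG_RD if rd else 0  # opcode QUERY is 0, so only RD varies
    header = struct.pack("!6H", qid, flags, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in zone.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!2H", TYPE_DS, CLASS_IN)


def classify_response(wire):
    """Describe how a server treated the query (labels are assumptions)."""
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", wire[:12])
    if not (flags & FLAG_QR):
        return "not a response"
    if (flags & 0x000F) == RCODE_REFUSED:
        return "refused"
    if ancount and (flags & FLAG_AA):
        return "authoritative answer"
    if ancount:
        return "answer via recursion or cache"
    if (flags & FLAG_RA) and not (flags & FLAG_RD):
        # Recursion was available but the query did not ask for it.
        return "recursive server, RD=0 query, no answer"
    return "no answer"


def constructed_response(query, extra_flags, ancount, rcode=0):
    """Constructed sample: header-only reply echoing the query's id and RD."""
    qid, flags = struct.unpack("!2H", query[:4])
    flags |= FLAG_QR | extra_flags | rcode
    return struct.pack("!6H", qid, flags, 1, ancount, 0, 0) + query[12:]
```
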