Hi, we have found the bug that caused this problem. It was introduced in a very recent release. The fix is on its way.
Thanks very much for the report, Yunhong On Thu, Nov 15, 2012 at 12:26 PM, Jay Ford <jay-f...@uiowa.edu> wrote: > It looks like if the server has the RRSIG RR, it returns it. For example, a > query with +dnssec will cause it to cache the RRSIG, after which it returns > it even if +dnssec not specified. > > ________________________________________________________________________ > Jay Ford, Network Engineering Group, Information Technology Services > University of Iowa, Iowa City, IA 52242 > email: jay-f...@uiowa.edu, phone: 319-335-5555, fax: 319-335-2951 > > ________________________________________ > query without +dnssec before RRSIG is cached; RRSIG not returned > ________________________________________ > > : dig @8.8.8.8 m1.mailplus.nl > > ; <<>> DiG 9.8.1-P1 <<>> @8.8.8.8 m1.mailplus.nl > > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3665 > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;m1.mailplus.nl. IN A > > ;; ANSWER SECTION: > m1.mailplus.nl. 2985 IN A 46.31.50.16 > > ;; Query time: 15 msec > ;; SERVER: 8.8.8.8#53(8.8.8.8) > ;; WHEN: Thu Nov 15 11:22:02 2012 > ;; MSG SIZE rcvd: 48 > > ________________________________________ > query with +dnssec; RRSIG is returned > ________________________________________ > > : dig +dnssec +multi @8.8.8.8 m1.mailplus.nl > > ; <<>> DiG 9.8.1-P1 <<>> +dnssec +multi @8.8.8.8 m1.mailplus.nl > > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58877 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags: do; udp: 512 > > ;; QUESTION SECTION: > ;m1.mailplus.nl. IN A > > ;; ANSWER SECTION: > m1.mailplus.nl. 2978 IN A 46.31.50.16 > m1.mailplus.nl. 2978 IN RRSIG A 7 3 3600 20130517082302 ( > > 20121115082302 3767 mailplus.nl. > > WzKY2FnTbF8MOhAuDvnrPkpgskeH4aI1YByh6zBX1z1p > > QRo8YIcxzlSNtHv2LnKUk+0n6iIXqV77sHynHHP/Y/a0 > > bMKYKIDuK8Gtz47AVDJaU0eX0FR8F5qqw897ClGf5ISa > 0njPLFVyF/NJ6hNViDYzOhhHGi58dhZmhKWFujs= ) > > ;; Query time: 16 msec > ;; SERVER: 8.8.8.8#53(8.8.8.8) > ;; WHEN: Thu Nov 15 11:22:10 2012 > ;; MSG SIZE rcvd: 230 > > ________________________________________ > query without +dnssec after RRSIG is cached; RRSIG returned > ________________________________________ > > : dig +multi @8.8.8.8 m1.mailplus.nl > > ; <<>> DiG 9.8.1-P1 <<>> +multi @8.8.8.8 m1.mailplus.nl > > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13524 > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;m1.mailplus.nl. IN A > > ;; ANSWER SECTION: > m1.mailplus.nl. 2974 IN A 46.31.50.16 > m1.mailplus.nl. 2974 IN RRSIG A 7 3 3600 20130517082302 ( > > 20121115082302 3767 mailplus.nl. > > WzKY2FnTbF8MOhAuDvnrPkpgskeH4aI1YByh6zBX1z1p > > QRo8YIcxzlSNtHv2LnKUk+0n6iIXqV77sHynHHP/Y/a0 > > bMKYKIDuK8Gtz47AVDJaU0eX0FR8F5qqw897ClGf5ISa > 0njPLFVyF/NJ6hNViDYzOhhHGi58dhZmhKWFujs= ) > > ;; Query time: 17 msec > ;; SERVER: 8.8.8.8#53(8.8.8.8) > ;; WHEN: Thu Nov 15 11:22:13 2012 > ;; MSG SIZE rcvd: 219
