Re: dig ds c10r.facebook.com returns SERVFAIL

2018-09-03 Thread Laurent Bigonville
On 3/09/18 23:38, Tony Finch wrote: On 3 Sep 2018, at 21:26, Laurent Bigonville wrote: The problem is that systemd-resolved (maybe other software are doing the same?) is asking the DS record to check if the record is supposed to be signed (well I think) before trying to do DNSSEC validation

Re: dig ds c10r.facebook.com returns SERVFAIL

2018-09-03 Thread Laurent Bigonville
On 3/09/18 21:03, Tony Finch wrote: Laurent Bigonville wrote: With bind9 server (I can reproduce that on RHEL7 with 9.9.4, debian stable with 9.10.3 and also debian unstable with 9.11.4) when doing "dig ds c10r.facebook.com @10.122.17.186", I get a SERVFAIL. This is because the aut

dig ds c10r.facebook.com returns SERVFAIL

2018-09-03 Thread Laurent Bigonville
raffic when bind is acting as a forwarder (option forward=first so that's why you see a query to facebook server as well) An idea? Kind regards, Laurent Bigonville facebook.pcap.gz Description: application/gzip