The problem lies within the libc stub resolver. I patched mine, so it always sets the AD flag in queries, which prompts the recursor to set AD in response if DNSSEC validation succeeded.
Verbose explanations (one of my seldom public blog posts ;) and small patch here: http://bd.hauke-lampe.de/dnssec/how-to-get-dnssec-ad-flag-with-glibc.html -- Bind9 (8.04) not returning 'ad' flag when dnssec is enabled https://bugs.launchpad.net/bugs/242956 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
