Am 07.02.2014 09:24, schrieb Simon Kelley: > On 07/02/14 08:21, Jan-Piet Mens wrote: >>> Answering my previous question, this behaviour is specified in RFC >>> 6840 para 5.7. Code changes to implement it are in git now. >> >> Have they been comitted? ;-) No visible change here ... > > Ooops. Try now. > > http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=e243c072b591cdeff8ac00483f5a9e426729534b > >
I moved forward to test7, and now the FIRST query (the one shipping the RRSIG and other additional stuff) lacks the AD flag, subsequent responses carry it. Do I need to disable DNSSEC verification in the BIND that dnsmasq forwards to to get useful test results? > $ dig sigok.verteiltesysteme.net. a +ad > > ; <<>> DiG 9.8.4-P2 <<>> sigok.verteiltesysteme.net. a +ad > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47460 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4 > > ;; QUESTION SECTION: > ;sigok.verteiltesysteme.net. IN A > > ;; ANSWER SECTION: > sigok.verteiltesysteme.net. 60 IN A 134.91.78.139 > > ;; AUTHORITY SECTION: > verteiltesysteme.net. 2698 IN NS ns1.verteiltesysteme.net. > verteiltesysteme.net. 2698 IN NS ns2.verteiltesysteme.net. > > ;; ADDITIONAL SECTION: > ns1.verteiltesysteme.net. 2698 IN A 134.91.78.139 > ns1.verteiltesysteme.net. 2698 IN AAAA 2001:638:501:8efc::139 > ns2.verteiltesysteme.net. 2698 IN A 134.91.78.141 > ns2.verteiltesysteme.net. 2698 IN AAAA 2001:638:501:8efc::141 > > ;; Query time: 39 msec > ;; SERVER: 192.168.33.4#53(192.168.33.4) > ;; WHEN: Fri Feb 7 09:43:58 2014 > ;; MSG SIZE rcvd: 184 > $ dig sigok.verteiltesysteme.net. a +ad > > ; <<>> DiG 9.8.4-P2 <<>> sigok.verteiltesysteme.net. a +ad > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34332 > ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;sigok.verteiltesysteme.net. IN A > > ;; ANSWER SECTION: > sigok.verteiltesysteme.net. 55 IN A 134.91.78.139 > > ;; Query time: 0 msec > ;; SERVER: 192.168.33.4#53(192.168.33.4) > ;; WHEN: Fri Feb 7 09:44:03 2014 > ;; MSG SIZE rcvd: 60 _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss