Re: dig -- only RRSIG present.

2012-02-12 Thread Miek Gieben
[ Quoting de.tec...@gmail.com at 23:10 on Feb 12 in dig -- only RRSIG pr... ] I'm trying to see DNSSEC response of various sites; my DNS server is 8.8.8.8 (google's public DNS service) Google's public resolvers don't handle DNSSEC very well... grtz Miek signature.asc Description: Digital

bind 9.6-esv-r6rc1 crashed with assert on rbtdb.c:1552

2012-02-12 Thread Sergey V. Lobanov
Hello, Bind9-esv-r6rc1 has crashed with the following error: 2012-02-12T12:21:56+04:00 crit [15716] general: critical: rbtdb.c:1552: INSIST(!((void *)((node)-deadlink.prev) != (void *)(-1))) failed 2012-02-12T12:21:56+04:00 crit [15716] general: critical: exiting (due to assertion failure)

Re: dig -- only RRSIG present.

2012-02-12 Thread Bill Owens
On Sun, Feb 12, 2012 at 10:22:22AM -0800, Michael Sinatra wrote: On 02/12/12 09:40, dE . wrote: I'm trying to see DNSSEC response of various sites; my DNS server is 8.8.8.8 (google's public DNS service) . . . As we can see, the DNSKEY and DS RR is missing which's mandatory for this to be of

Re: dig -- only RRSIG present.

2012-02-12 Thread Mark Andrews
8.8.8.8 returns servfail for me. Note a RFC 1035 caching server should be be able to resolve dig ds org though it may not return the response from the parent zone. It depends on the cache state when the query is made. Mark % dig ds org @8.8.8.8 ; DiG 9.7.3-P3 ds org @8.8.8.8 ;; global

RE: dig -- only RRSIG present.

2012-02-12 Thread Spain, Dr. Jeffry A.
As Tony Finch pointed out to me a few days ago, the Google public servers don't understand that fact about DS records, and don't know to ask for them in the parent. But here's something interesting - as of my testing just now, they *do* respond with DS records This thread has been kind of

Re: dig -- only RRSIG present.

2012-02-12 Thread dE .
On 02/12/12 23:13, Miek Gieben wrote: [ Quotingde.tec...@gmail.com at 23:10 on Feb 12 in dig -- only RRSIG pr... ] I'm trying to see DNSSEC response of various sites; my DNS server is 8.8.8.8 (google's public DNS service) Google's public resolvers don't handle DNSSEC very well... grtz Miek

Re: dig -- only RRSIG present.

2012-02-12 Thread dE .
On 02/13/12 08:29, Spain, Dr. Jeffry A. wrote: As Tony Finch pointed out to me a few days ago, the Google public servers don't understand that fact about DS records, and don't know to ask for them in the parent. But here's something interesting - as of my testing just now, they *do* respond

Re: dig -- only RRSIG present.

2012-02-12 Thread dE .
On 02/13/12 10:13, Spain, Dr. Jeffry A. wrote: But another question remains, where's the DNSKEY record which's the missing link as of the current time. Querying -- dig +dnssec -t DNSKEY yahoo.com @198.41.0.4 Does not return anything. I think that yahoo.com is probably not a DNSSEC-signed zone