On 07/14/10 00:43, Doug Barton wrote:
Can anyone explain to me why the 'ad'-flag is set for this query?
dig +dnssec -t RRSIG www.forfunsec.org
I use BIND 9.7.0rc1, configured to work with the IANA testbed.
I'd be interested to see what happens if you upgrade to the latest
versions in each
On Jul 13 2010, Doug Barton wrote:
On Tue, 13 Jul 2010, Marco Davids (SIDN) wrote:
Hi,
Can anyone explain to me why the 'ad'-flag is set for this query?
dig +dnssec -t RRSIG www.forfunsec.org
I'm using 9.7.1-P1 with dlv and I'm not seeing the AD flag on that. What
version of BIND are you
On Wed, 14 Jul 2010, Chris Thompson wrote:
With 9.7.1-P1 (and a trust anchor for dlv.isc.org) on a local workstation
dig +dnssec -t RRSIG www.forfunsec.org @127.0.0.1
initially times out. But after doing
dig +dnssec -t ANY www.forfunsec.org @127.0.0.1
the same command reports the three
Using the ORG trust anchor from the ITAR yields the following result on
9.7.1 (no P1 patch). No initial time out.
# dig +dnssec -t RRSIG www.forfunsec.org
; DiG 9.7.1 +dnssec -t RRSIG www.forfunsec.org
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0,
I think the issue here is that the authenticity of an RRSIG RR doesn't
really make sense without the RRset it covers, and RRSIG themselves
are not signed (RFC 4035 section 2.2). The RRSIGs returned by the
cache are there initially because they exist (as well as the RRsets
they cover), but not
Hi,
Can anyone explain to me why the 'ad'-flag is set for this query?
dig +dnssec -t RRSIG www.forfunsec.org
How does a validating resolver determine that such an answer is secure?
Thank you.
--
Marco Davids
___
bind-users mailing list
On Tue, 13 Jul 2010, Marco Davids (SIDN) wrote:
Hi,
Can anyone explain to me why the 'ad'-flag is set for this query?
dig +dnssec -t RRSIG www.forfunsec.org
I'm using 9.7.1-P1 with dlv and I'm not seeing the AD flag on that. What
version of BIND are you using?
Doug
--
Improve
On Wed, 14 Jul 2010, Marco Davids (SIDN) wrote:
On 07/13/10 23:58, Doug Barton wrote:
Can anyone explain to me why the 'ad'-flag is set for this query?
dig +dnssec -t RRSIG www.forfunsec.org
I'm using 9.7.1-P1 with dlv and I'm not seeing the AD flag on that. What
version of BIND are you
8 matches
Mail list logo