On 11 January 2016 at 21:20, Stephane Bortzmeyer wrote:
> Interesting: it sends the signature before the SOA (and it breaks at
> least one DNS program - one of mine, shame):
>
> % dig @ns02.one.com. SOA masters-consultants.fr.
>
> ; <<>> DiG 9.9.5-9+deb8u3-Debian <<>>
On Tue, Jan 12, 2016 at 02:43:46PM +,
Dick Franks wrote
a message of 176 lines which said:
> returned RRSIG first for 44% of my statistically dubious sample.
It is said that PowerDNS does it at random, on purpose, to break
erroneous programs.
Attempt to repeat your result using
#!/usr/bin/perl -w
#
use Net::DNS 1.01;
my $resolver = new Net::DNS::Resolver( nameserver => 'ns02.one.com.',
dnssec => 1 );
$resolver->send(qw( masters-consultants.fr SOA ))->print;
#
returned RRSIG first for 44% of my statistically dubious sample.
On Tue, Jan 12, 2016 at 03:47:16PM +0100, Stephane Bortzmeyer wrote:
> > returned RRSIG first for 44% of my statistically dubious sample.
>
> It is said that PowerDNS does it at random, on purpose, to break
> erroneous programs.
Let me clarify that. PowerDNS Authoritative has always randomized