Still broken.
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 9.04
Release:9.04
Codename: jaunty
--
Bind9 (8.04) not returning 'ad' flag when dnssec is enabled
https://bugs.launchpad.net/bugs/242956
You received this bug notification
Still broken.
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 9.04
Release:9.04
Codename: jaunty
--
Bind9 (8.04) not returning 'ad' flag when dnssec is enabled
https://bugs.launchpad.net/bugs/242956
You received this bug notification
It would be very cool if someone could get the AD bit parsing done in the
resolver library before
the next release. I believe this is the only thing stopping us from using
DNSSEC as outlined above.
--
Bind9 (8.04) not returning 'ad' flag when dnssec is enabled
It would be very cool if someone could get the AD bit parsing done in the
resolver library before
the next release. I believe this is the only thing stopping us from using
DNSSEC as outlined above.
--
Bind9 (8.04) not returning 'ad' flag when dnssec is enabled
Moving this issue. When options edns0 is turned on (usually in
/etc/resolv.conf), ssh doesn't see it, and fails to request a DNSSEC
response, which in turn leads to SSHFP records being considered
insecure.
** Changed in: openssh (Ubuntu)
Sourcepackagename: bind9 = openssh
Assignee: LaMont
BIND 9 uses EDNS0 (RFC2671) to advertise its receive buffer size.
It also sets an EDNS flag bit in queries to indicate that it wishes to
receive DNSSEC responses; this flag bit usage is not yet standardized,
but we hope it will be.
--
Bind9 (8.04) not returning 'ad' flag when dnssec is enabled
BIND 9 uses EDNS0 (RFC2671) to advertise its receive buffer size.
It also sets an EDNS flag bit in queries to indicate that it wishes to
receive DNSSEC responses; this flag bit usage is not yet standardized,
but we hope it will be.
--
Bind9 (8.04) not returning 'ad' flag when dnssec is enabled
Thanks for your response.
What you're seeing here is that the AD bit was redefined here:
http://www.ietf.org/rfc/rfc3655.txt
That is why options edns0 is defined, so that the client is forced to
ask for the AD bit. Who do you suggest I talk to about this?
Thanks,
--
Bryan Buecking
Thanks for your response.
What you're seeing here is that the AD bit was redefined here:
http://www.ietf.org/rfc/rfc3655.txt
That is why options edns0 is defined, so that the client is forced to
ask for the AD bit. Who do you suggest I talk to about this?
Thanks,
--
Bryan Buecking
Public bug reported:
Binary package hint: bind9
% lsb_release -rd
Description:Ubuntu 8.04
Release:8.04
% apt-cache policy bind9
bind9:
Installed: 1:9.4.2-10
Candidate: 1:9.4.2-10
Version table:
*** 1:9.4.2-10 0
500 http://ubuntu-ashisuto.ubuntulinux.jp hardy/main
Public bug reported:
Binary package hint: bind9
% lsb_release -rd
Description:Ubuntu 8.04
Release:8.04
% apt-cache policy bind9
bind9:
Installed: 1:9.4.2-10
Candidate: 1:9.4.2-10
Version table:
*** 1:9.4.2-10 0
500 http://ubuntu-ashisuto.ubuntulinux.jp hardy/main
11 matches
Mail list logo