Hi, On 14-02-12 16:53, Robert Edmonds wrote: >>> With unbound on your server, you should be able to do: >>> >>> dig +dnssec @server <signed name> >>> >>> ...and get back a response with the "ad" flag set e.g. >>> >>> $ dig +dnssec org ns >>> ... >>> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 7 >>> ^^ AD flag set
When I type this command on both my server and desktop machine, I don't see the AD flag. I this with dig version 9.7.3. > if the validator plugin requires the AD flag then that explains the > poster's different results between debian and ubuntu. > > the "ubuntu" unbound package is pretty much just the debian unbound > package (with the minor exception that, because ubuntu releases so > often, they end up doing more security updates for their distribution's > releases), and i introduced DNSSEC validation by default (with the help > of unbound-anchor) in versions >= 1.4.9-1, which is after the stable > release of debian (6.0/squeeze), but has probably been included in > several ubuntu releases by now. also note that newer unbound packages > for debian stable that do DNSSEC validation by default are available in > the debian backports repository. Unbound version on server (Debian): 1.4.14-2~bpo60+1 Unbound version on Ubuntu: 1.4.12-1ubuntu1 Marcel _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
