[Bug 257682] [NEW] dig compiled without -DDIG_SIGCHASE!
Ted Lemon
mellon at fugue.com
Wed Aug 13 19:44:57 BST 2008
Public bug reported:

Binary package hint: dnsutils

I'm trying to validate my DNSSEC zone signatures using dig. To do this
I need to use the +sigchase flag to dig. When I do so, this is what I
see:

toccata% dig +sigchase +dnssec DS fugue.se.
Invalid option: +sigchase
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
           {global-d-opt} host [@local-server] {local-d-opt}
           [ host [@local-server] {local-d-opt} [...]]

Use "dig -h" (or "dig -h | more") for complete list of options
toccata%

I think what's going on here is that dig has not been compiled with the
-DDIG_SIGCHASE option.

Given all the excitement recently with Dan Kaminsky's DNS bug, I think
the ability to check DNSSEC signatures is now a requirement, not
something that should be optional. Dig is a debugging tool for DNS
administrators, and in order for us to debug our DNSSEC installations,
we need dig to be able to verify signatures.

toccata% lsb_release -rd
Description: Ubuntu 8.04.1
Release: 8.04
toccata% apt-cache policy dnsutils
dnsutils:
  Installed: 1:9.4.2-10ubuntu0.1
  Candidate: 1:9.4.2-10ubuntu0.1
  Version table:
 *** 1:9.4.2-10ubuntu0.1 0
        500 http://us.archive.ubuntu.com hardy-updates/main Packages
        500 http://security.ubuntu.com hardy-security/main Packages
        100 /var/lib/dpkg/status
     1:9.4.2-10 0
        500 http://us.archive.ubuntu.com hardy/main Packages
toccata%

** Affects: bind9 (Ubuntu)
     Importance: Undecided
         Status: New

--
dig compiled without -DDIG_SIGCHASE!
https://bugs.launchpad.net/bugs/257682
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in ubuntu.