[Bug 242956] [NEW] Bind9 (8.04) not returning 'ad' flag when dnssec is enabled
buecking
buecking at gmail.com
Wed Jun 25 15:48:13 BST 2008
Public bug reported:
Binary package hint: bind9

% lsb_release -rd
Description: Ubuntu 8.04
Release: 8.04

% apt-cache policy bind9
bind9:
  Installed: 1:9.4.2-10
  Candidate: 1:9.4.2-10
  Version table:
 *** 1:9.4.2-10 0
        500 http://ubuntu-ashisuto.ubuntulinux.jp hardy/main Packages
        100 /var/lib/dpkg/status

% cat /etc/resolv.conf
nameserver 127.0.0.1
options edns0

When running dig against a DNS server w/DNSSEC enabled it is expected that
named should return the ad flag for authenticated records; however, this
system is not returning the correct response. If I query asking for
+dnssec the ad flag is properly returned - as expected.

Without the ad flag I am not able to use ssh VerifyHostKeyDNS.

I have two systems with identical named configs. System A is a NetBSD
machine running Bind 9.4.2 built against OpenSSL 0.9.8d 28 Sep 2006, and
System B Ubuntu 8.04 running Bind 9.4.2 built against OpenSSL 0.9.8g 19
Oct 2007.

If I dig @system-a foo.example.com A the ad flag is returned; but as I
mentioned above if I dig @system-b foo.example.com A the ad flag is not
returned even though the configurations are exactly the same.

When querying for an SSHFP record both servers, a and b, return the same
SSHFP record in the results.

** Affects: bind9 (Ubuntu)
Importance: Undecided
Status: New
** Tags: ad bind9 dnssec
--
Bind9 (8.04) not returning 'ad' flag when dnssec is enabled
https://bugs.launchpad.net/bugs/242956
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in ubuntu.
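
Added example, not part of the original report and not BIND or dig code: a small decoder for the two bits this report turns on, the AD flag in the DNS header and the DO ("DNSSEC OK") bit that +dnssec sets in the EDNS0 OPT record. The function names and the sample messages built by build() are constructed for illustration; no traffic from the reporter's systems is used.

```python
import struct

# DNS header flag bits (RFC 1035, RFC 4035)
FLAG_BITS = {"qr": 0x8000, "aa": 0x0400, "tc": 0x0200, "rd": 0x0100,
             "ra": 0x0080, "ad": 0x0020, "cd": 0x0010}
TYPE_OPT = 41      # EDNS0 pseudo-record (RFC 6891)
DO_BIT = 0x8000    # "DNSSEC OK": top bit of the low 16 bits of the OPT TTL


def skip_name(msg, off):
    """Return the offset just past an encoded domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n


def inspect(msg):
    """Return (set of header flag names, True if an OPT record has DO set)."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    names = {k for k, bit in FLAG_BITS.items() if flags & bit}
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4   # skip QTYPE and QCLASS
    do = False
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT and ttl & DO_BIT:
            do = True
        off += 10 + rdlen
    return names, do


def build(flags, do=None, answer=False):
    """Constructed sample message for foo.example.com A (not captured data)."""
    body = b"\x03foo\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    if answer:   # owner name as pointer to offset 12, A record 192.0.2.1
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
        body += bytes([192, 0, 2, 1])
    if do is not None:   # OPT: root name, UDP size 4096, TTL field carries DO
        body += b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096,
                                      DO_BIT if do else 0, 0)
    hdr = struct.pack("!6H", 0x1234, flags, 1, int(answer), 0,
                      int(do is not None))
    return hdr + body
```

Running inspect() over the raw replies from two resolvers to the same query shows directly whether they differ in the AD bit or in the DO bit of the request that reached them.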