[Bug 242956] Re: Bind9 (8.04) not returning 'ad' flag when dnssec is enabled

Wolfgang Nagele wnagele at ripe.net
Fri Jun 12 12:36:30 BST 2009


The only system I could get this working at the moment was OpenBSD. To enable
this I had to provide 'edns0' as an option in resolv.conf[1].

I have attached a PCAP (openbsd.pcap) generated with tcpdump. If you observe it
(for instance with Wireshark) you will see that the request for the SSHFP
records has the DO bit set in the EDNS0 section of the packet and the response
has the AD bit set in the packet header.

[1] http://www.mail-archive.com/misc@openbsd.org/msg11176.html

** Attachment added: "Packet trace of working DNSSEC lookup in OpenBSD"
   http://launchpadlibrarian.net/27818702/openbsd.pcap

-- 
Bind9 (8.04) not returning 'ad' flag when dnssec is enabled
https://bugs.launchpad.net/bugs/242956
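
The two bits described in the message above can be checked directly on the wire bytes. This is an added example, not part of the original message or of the attached openbsd.pcap: it reads the AD bit from the header flags and the DO bit from the EDNS0 OPT record. The name host.example, the message ID and the zeroed fingerprint are constructed sample values.

```python
import struct

AD_FLAG = 0x0020   # Authenticated Data bit in the header flags word
DO_FLAG = 0x8000   # DNSSEC OK bit, carried in the OPT RR's TTL field
TYPE_OPT, TYPE_SSHFP = 41, 44

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        if length == 0:                # root label ends the name
            return off + 1
        off += 1 + length

def dnssec_bits(msg):
    """Return (ad, do); do is None when the message has no EDNS0 OPT RR."""
    try:
        _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
        off, do = 12, None
        for _ in range(qd):
            off = skip_name(msg, off) + 4          # QTYPE + QCLASS
        for _ in range(an + ns + ar):
            off = skip_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10 + rdlen
            if off > len(msg):
                raise IndexError(off)
            if rtype == TYPE_OPT:
                do = bool(ttl & DO_FLAG)
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated DNS message") from exc
    return bool(flags & AD_FLAG), do

def build(flags, opt_ttl=None, answer=b""):
    """Constructed sample message for host.example SSHFP (not from openbsd.pcap)."""
    extra = b"" if opt_ttl is None else b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, opt_ttl, 0)
    header = struct.pack("!6H", 0x1234, flags, 1, 1 if answer else 0, 0, 1 if extra else 0)
    question = b"\x04host\x07example\x00" + struct.pack("!HH", TYPE_SSHFP, 1)
    return header + question + answer + extra

# Constructed SSHFP answer: pointer to QNAME, algorithm 1, fp type 1, zeroed fingerprint.
SSHFP_RR = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_SSHFP, 1, 3600, 22) + b"\x01\x01" + bytes(20)
QUERY_PLAIN = build(0x0100)                     # query with no EDNS0 OPT record at all
QUERY_EDNS0 = build(0x0100, DO_FLAG)            # OPT record present with the DO bit set
RESPONSE_AD = build(0x81A0, DO_FLAG, SSHFP_RR)  # QR|RD|RA|AD: response flagged as validated

if __name__ == "__main__":
    for name in ("QUERY_PLAIN", "QUERY_EDNS0", "RESPONSE_AD"):
        print(name, dnssec_bits(globals()[name]))
```

A `do` value of `None` means the query carried no OPT record, so the DO bit was never sent.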