[Bug 242956] Re: Bind9 (8.04) not returning 'ad' flag when dnssec is enabled
Jonathan Stewart
reaper at fudo.org
Sat Mar 14 21:47:35 GMT 2009
In my (limited) experience, the server only responds with the AD bit set
which it can validate the DNSSEC records on the domain. As there is no
root key in the DNS now, this means you must configure trust anchors on
your recursive nameserver.
My question would be: is your recursive DNS server actually able to
validate the DNSSEC records? If you operate the server, you should be
able to examine the dnssec logs and determine if the nameserver is able
to validate the DNSSEC records.
--
Bind9 (8.04) not returning 'ad' flag when dnssec is enabled
https://bugs.launchpad.net/bugs/242956
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
More information about the Ubuntu-server-bugs
mailing list