Maintained by: NLnet Labs

[Unbound-users] Can get MX or SOA but not RRSIG

W.C.A. Wijngaards
Mon Mar 30 11:37:47 CEST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Stephane,

Yes that is a bug.  The validator marks the result as bogus because it
cannot find RRSIG(RRSIG).  Fixed in trunk r1565.
(it simply omits validation, no AD bit)

Best regards,
   Wouter

Stephane Bortzmeyer wrote:
> The domain souissi.net is in the ISC DLV registry.
> 
>>From Unbound 1.2.0, I can get the MX or the SOA:
> 
> % dig +dnssec MX souissi.net   
> ...
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 9
> ...
> 
> But not the RRSIG:
> 
> % dig +dnssec RRSIG souissi.net
> ...
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45731
> ...
> 
> BIND 9.5.1 has no problem getting the RRSIG
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAknQkusACgkQkDLqNwOhpPhZ2wCgtSXOYpCqd5xy4W313n7OXXhe
3xAAmwcbgu+ZjcSxnYINkdGbe/9GRCHc
=NHlz
-----END PGP SIGNATURE-----