[Dnsmasq-discuss] Testers wanted: DNSSEC.

Jan-Piet Mens jpmens.dns at gmail.com
Thu Feb 6 08:15:35 GMT 2014


> >1. I am getting different results on two subsequent identical queries
> >WRT RRSIG record and AD flag.

> The second answer comes from the cache, and the D0 bit is not set in
> the query, so the answer doesn't have the AD  flag or RRSIG, if you
> add "+dnssec" to the dig command you should see both in replies from
> the cache,

I'm seeing the same that Matthias noted: the second response from
dnsmasq doesn't have the +AD bit set.

FWIW, Unbound and BIND9 both respond with +AD when I query them
consecutively with `dig +ad'.

Adding +dnssec to the flags upon querying dnsmasq works.

        -JP



More information about the Dnsmasq-discuss mailing list