[Dnsmasq-discuss] Testers wanted: DNSSEC.
jpmens.dns at gmail.com
Thu Feb 6 08:15:35 GMT 2014
> >1. I am getting different results on two subsequent identical queries
> >WRT RRSIG record and AD flag.
> The second answer comes from the cache, and the D0 bit is not set in
> the query, so the answer doesn't have the AD flag or RRSIG, if you
> add "+dnssec" to the dig command you should see both in replies from
> the cache,
I'm seeing the same that Matthias noted: the second response from
dnsmasq doesn't have the +AD bit set.
FWIW, Unbound and BIND9 both respond with +AD when I query them
consecutively with `dig +ad'.
Adding +dnssec to the flags upon querying dnsmasq works.
More information about the Dnsmasq-discuss