[Pdns-users] PDNS recursor dnssec settings

Remi Gacogne remi.gacogne at powerdns.com
Tue Mar 5 08:18:38 UTC 2019


On 3/5/19 7:25 AM, 葉科貝 wrote:
> I'm testing new version pdns-recursor-4.2.0-0.alpha1.1 .
> I set dnssec use mod process.
> When I query a record without ad or do flag, I receive the message
> "Answer to host.com.tw|A for validates as Bogus" .
> Under the mode process, isn't this verification done?
> Is my understanding wrong?

dig does set the AD flag by default, which leads to unexpected results.
Would you mind trying with +noad, ie:

dig host.com.tw  @ -p 5301 +noad

For more information please have a look at
https://doc.powerdns.com/recursor/dnssec.html#what-when if you haven't
done so already.

Best regards,
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20190305/eb44d20f/attachment.sig>

More information about the Pdns-users mailing list