[Pdns-users] PDNS recursor dnssec settings
remi.gacogne at powerdns.com
Tue Mar 5 08:18:38 UTC 2019
On 3/5/19 7:25 AM, 葉科貝 wrote:
> I'm testing new version pdns-recursor-4.2.0-0.alpha1.1 .
> I set dnssec use mod process.
> When I query a record without ad or do flag, I receive the message
> "Answer to host.com.tw|A for 220.127.116.11:59977 validates as Bogus" .
> Under the mode process, isn't this verification done?
> Is my understanding wrong?
dig does set the AD flag by default, which leads to unexpected results.
Would you mind trying with +noad, ie:
dig host.com.tw @18.104.22.168 -p 5301 +noad
For more information please have a look at
https://doc.powerdns.com/recursor/dnssec.html#what-when if you haven't
done so already.
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: OpenPGP digital signature
More information about the Pdns-users