[Pdns-users] PDNS recursor dnssec settings
Remi Gacogne
remi.gacogne at powerdns.com
Tue Mar 5 08:18:38 UTC 2019
Hi,
On 3/5/19 7:25 AM, 葉科貝 wrote:
> I'm testing new version pdns-recursor-4.2.0-0.alpha1.1 .
>
> I set dnssec use mod process.
>
> When I query a record without ad or do flag, I receive the message
> "Answer to host.com.tw|A for 210.59.165.80:59977 validates as Bogus" .
>
> Under the mode process, isn't this verification done?
>
> Is my understanding wrong?
dig does set the AD flag by default, which leads to unexpected results.
Would you mind trying with +noad, ie:
dig host.com.tw @103.17.10.61 -p 5301 +noad
For more information please have a look at
https://doc.powerdns.com/recursor/dnssec.html#what-when if you haven't
done so already.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20190305/eb44d20f/attachment.sig>
More information about the Pdns-users
mailing list