Hi Brian
> > I've testing dnsjava lib with DNSsec and it seems that the AD flag
> > (authenticated data) within a response is not recognized correctly.
> >
> > Here is the header section of a response I've received asking
> > nameserver a.ns.se for A records of google.se (for testing purposes):
> >
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24516
> > ;; flags: qr ; qd: 1 an: 0 au: 6 ad: 1
> > ;; QUESTIONS:
> > ;; google.se., type = A, class = IN
> > [...]
> >
> > But asking response's org.xbill.DNS.Message header for Flag.AD fails:
> >
> > org.xbill.DNS.Message response = ...
> > response.getHeader().getFlag(org.xbill.DNS.Flags.AD); // returns
> > "false"
>
> Unless I'm missing something, this is because the AD bit isn't set.
>
> > Asking header for other flags (like Flags.QR in this example)
> > succeeds, so what's going wrong here? Is it a bug or am I missing
> > something?
>
> The QR flag is set. There are no other flags set, so asking for any
> other one will return false.
>
> Is it possible that you're misreading the dig ouptut? The "ad" in
> there refers to the count of records in the additional section, not a
> flag.
Indeed, you're right! Sorry for any inconvenience and thanks for opening my eyes.
But what the hell drives them to give different concepts the same abbreviation? Maybe checking attentiveness of the reader? ;-)
Christian
--
GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
|
