Menu
▾
▴
Re:
|
From: Brian W. <bwe...@xb...> - 2009-09-30 15:52:21
|
On Sep 30, 2009, at 1:27 AM, "Christian Möller" <dcm...@gm...> wrote: > Hi, > > I've testing dnsjava lib with DNSsec and it seems that the AD flag > (authenticated data) within a response is not recognized correctly. > > Here is the header section of a response I've received asking > nameserver a.ns.se for A records of google.se (for testing purposes): > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24516 > ;; flags: qr ; qd: 1 an: 0 au: 6 ad: 1 > ;; QUESTIONS: > ;; google.se., type = A, class = IN > [...] > > But asking response's org.xbill.DNS.Message header for Flag.AD fails: > > org.xbill.DNS.Message response = ... > response.getHeader().getFlag(org.xbill.DNS.Flags.AD); // returns > "false" Unless I'm missing something, this is because the AD bit isn't set. > Asking header for other flags (like Flags.QR in this example) > succeeds, so what's going wrong here? Is it a bug or am I missing > something? The QR flag is set. There are no other flags set, so asking for any other one will return false. Is it possible that you're misreading the dig ouptut? The "ad" in there refers to the count of records in the additional section, not a flag. > Brian |
