Menu
▾
▴
Re: Flags.AD missing on DNSSEC response header
|
From: Christian M. <dcm...@gm...> - 2009-10-01 06:23:34
|
Hi Brian > > I've testing dnsjava lib with DNSsec and it seems that the AD flag > > (authenticated data) within a response is not recognized correctly. > > > > Here is the header section of a response I've received asking > > nameserver a.ns.se for A records of google.se (for testing purposes): > > > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24516 > > ;; flags: qr ; qd: 1 an: 0 au: 6 ad: 1 > > ;; QUESTIONS: > > ;; google.se., type = A, class = IN > > [...] > > > > But asking response's org.xbill.DNS.Message header for Flag.AD fails: > > > > org.xbill.DNS.Message response = ... > > response.getHeader().getFlag(org.xbill.DNS.Flags.AD); // returns > > "false" > > Unless I'm missing something, this is because the AD bit isn't set. > > > Asking header for other flags (like Flags.QR in this example) > > succeeds, so what's going wrong here? Is it a bug or am I missing > > something? > > The QR flag is set. There are no other flags set, so asking for any > other one will return false. > > Is it possible that you're misreading the dig ouptut? The "ad" in > there refers to the count of records in the additional section, not a > flag. Indeed, you're right! Sorry for any inconvenience and thanks for opening my eyes. But what the hell drives them to give different concepts the same abbreviation? Maybe checking attentiveness of the reader? ;-) Christian -- GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01 |
