Menu
▾
▴
Re: Flags.AD missing on DNSSEC response header
|
From: Brian W. <bwe...@xb...> - 2009-10-01 18:47:35
|
On Sep 30, 2009, at 11:23 PM, Christian Möller wrote: > Hi Brian > >>> I've testing dnsjava lib with DNSsec and it seems that the AD flag >>> (authenticated data) within a response is not recognized correctly. >>> >>> Here is the header section of a response I've received asking >>> nameserver a.ns.se for A records of google.se (for testing >>> purposes): >>> >>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24516 >>> ;; flags: qr ; qd: 1 an: 0 au: 6 ad: 1 >>> ;; QUESTIONS: >>> ;; google.se., type = A, class = IN >>> [...] >>> >>> But asking response's org.xbill.DNS.Message header for Flag.AD >>> fails: >>> >>> org.xbill.DNS.Message response = ... >>> response.getHeader().getFlag(org.xbill.DNS.Flags.AD); // returns >>> "false" >> >> Unless I'm missing something, this is because the AD bit isn't set. >> >>> Asking header for other flags (like Flags.QR in this example) >>> succeeds, so what's going wrong here? Is it a bug or am I missing >>> something? >> >> The QR flag is set. There are no other flags set, so asking for any >> other one will return false. >> >> Is it possible that you're misreading the dig ouptut? The "ad" in >> there refers to the count of records in the additional section, not a >> flag. > > Indeed, you're right! Sorry for any inconvenience and thanks for > opening my eyes. > But what the hell drives them to give different concepts the same > abbreviation? Maybe checking attentiveness of the reader? ;-) No problem. As to why the abbreviations are the same - that's a good question. The flags are usually printed in capital letters, which helps a bit, but dig (the original dig, from which dnsjava's dig header format was copied) doesn't do that. Brian |
