> >1. I am getting different results on two subsequent identical queries > >WRT RRSIG record and AD flag.
> The second answer comes from the cache, and the D0 bit is not set in > the query, so the answer doesn't have the AD flag or RRSIG, if you > add "+dnssec" to the dig command you should see both in replies from > the cache, I'm seeing the same that Matthias noted: the second response from dnsmasq doesn't have the +AD bit set. FWIW, Unbound and BIND9 both respond with +AD when I query them consecutively with `dig +ad'. Adding +dnssec to the flags upon querying dnsmasq works. -JP _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss