Still broken.
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 9.04
Release: 9.04
Codename: jaunty
--
Bind9 (8.04) not returning 'ad' flag when dnssec is enabled
https://bugs.launchpad.net/bugs/242956
It would be very cool if someone could get the AD bit parsing done in the
resolver library before
the next release. I believe this is the only thing stopping us from using
DNSSEC as outlined above.
--
Moving this issue. When "options edns0" is turned on (usually in
/etc/resolv.conf), ssh doesn't see it, and fails to request a DNSSEC
response, which in turn leads to SSHFP records being considered
insecure.
** Changed in: openssh (Ubuntu)
Sourcepackagename: bind9 => openssh
Assignee: LaMont
BIND 9 uses EDNS0 (RFC2671) to advertise its receive buffer size.
It also sets an EDNS flag bit in queries to indicate that it wishes to
receive DNSSEC responses; this flag bit usage is not yet standardized,
but we hope it will be.
--
Thanks for your response.
> What you're seeing here is that the AD bit was redefined here:
> http://www.ietf.org/rfc/rfc3655.txt
That is why options edns0 is defined, so that the client is forced to
ask for the AD bit. Who do you suggest I talk to about this?
Thanks,
--
Bry
Public bug reported:
Binary package hint: bind9
% lsb_release -rd
Description: Ubuntu 8.04
Release: 8.04
% apt-cache policy bind9
bind9:
  Installed: 1:9.4.2-10
  Candidate: 1:9.4.2-10
  Version table:
 *** 1:9.4.2-10 0
        500 http://ubuntu-ashisuto.ubuntulinux.jp hardy/main Packa