Public bug reported: Binary package hint: bind9
% lsb_release -rd Description: Ubuntu 8.04 Release: 8.04 % apt-cache policy bind9 bind9: Installed: 1:9.4.2-10 Candidate: 1:9.4.2-10 Version table: *** 1:9.4.2-10 0 500 http://ubuntu-ashisuto.ubuntulinux.jp hardy/main Packages 100 /var/lib/dpkg/status % cat /etc/resolv.conf nameserver 127.0.0.1 options edns0 When running dig against dns server w/DNSSEC enabled it is expected that named should return the ad flag for authenticated records; however, this system is not returning the correct response. If I query asking for +dnssec the ad flag is properly returned - as expected. Without the ad flag I am not able to use ssh VerifyHostKeyDNS. I have two systems with identical named configs. System A is a NetBSD machine running Bind 9.4.2 built against OpenSSL 0.9.8d 28 Sep 2006, and System B Ubuntu 8.04 running Bind 9.4.2 built against OpenSSL 0.9.8g 19 Oct 2007. If I dig @system-a foo.example.com A the ad flag is return; but as I mentioned above if I dig @system-b foo.example.com A the ad flag is not returned even though the configurations are exactly the same. When quering for an SSHFP record both servers, a and b, return the same SSHFP record in the results. ** Affects: bind9 (Ubuntu) Importance: Undecided Status: New ** Tags: ad bind9 dnssec -- Bind9 (8.04) not returning 'ad' flag when dnssec is enabled https://bugs.launchpad.net/bugs/242956 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs