The only system i could get this working at the moment was OpenBSD. To enable this i had to provide 'edns0' as an option in resolv.conf[1].
I have attached a PCAP (openbsd.pcap) generated with tcpdump. If you observe it (for instance with Wireshark) you will see that the request for the SSHFP records has the DO bit set in the EDNS0 section of the packet and the response has the AD bit set in the packet header. [1] http://www.mail-archive.com/m...@openbsd.org/msg11176.html ** Attachment added: "Packet trace of working DNSSEC lookup in OpenBSD" http://launchpadlibrarian.net/27818702/openbsd.pcap -- Bind9 (8.04) not returning 'ad' flag when dnssec is enabled https://bugs.launchpad.net/bugs/242956 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
