[getdns-users] where is the "ad" bit?
A. Schulze
sca at andreasschulze.de
Sun Jul 9 15:10:24 CEST 2017
Am 05.07.2017 um 23:13 schrieb Willem Toorop:
> You have to adapt your stubby.conf file to include
>
> dnssec_return_status: GETDNS_EXTENSION_TRUE
Hello Willem,
that works. so thanks for the hint.
one more question (maybe unrelated)
beside the "ad" flag I see now also "cd" flag set in the response.
I know "cd" only if I try to get data for the intentional broken
domain "dnssec-faild.org"
Andreas
>
> For example here is the start of the stubby.conf file with that
> extension set.
>
> { dnssec_return_status: GETDNS_EXTENSION_TRUE
> , resolution_type: GETDNS_RESOLUTION_STUB
> , dns_transport_list: [ GETDNS_TRANSPORT_TLS ]
> , tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
> , tls_query_padding_blocksize: 256
> , edns_client_subnet_private : 1
> , listen_addresses: [ 127.0.0.1, 0::1 ]
> , idle_timeout: 10000
> , round_robin_upstreams: 1
> , upstream_recursive_servers:
> [ { address_data: 145.100.185.15
> , tls_auth_name: "dnsovertls.sinodun.com"
> , tls_pubkey_pinset:
> [ { digest: "sha256"
> , value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
> } ]
> },
>
> Cheers,
> -- Willem
>>
>> Andreas
>> _______________________________________________
>> Users mailing list
>> Users at getdnsapi.net
>> https://getdnsapi.net/mailman/listinfo/users
>>
>
> _______________________________________________
> Users mailing list
> Users at getdnsapi.net
> https://getdnsapi.net/mailman/listinfo/users
>
More information about the Users
mailing list