Hi, On 3/5/19 7:25 AM, 葉科貝 wrote: > I'm testing new version pdns-recursor-4.2.0-0.alpha1.1 . > > I set dnssec use mod process. > > When I query a record without ad or do flag, I receive the message > "Answer to host.com.tw|A for 210.59.165.80:59977 validates as Bogus" . > > Under the mode process, isn't this verification done? > > Is my understanding wrong?
dig does set the AD flag by default, which leads to unexpected results. Would you mind trying with +noad, ie: dig host.com.tw @103.17.10.61 -p 5301 +noad For more information please have a look at https://doc.powerdns.com/recursor/dnssec.html#what-when if you haven't done so already. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
