Hi Daniel,
Moin Ralf,
Ralf, I also used kdig because of its TLS support!
And Daniel, you are right, it's a philosophical question!
I came from dig and I was puzzled due to different behavior and it took me
some time to figure out the differences. If something is called that
similar (kdig vs. dig) maybe users expect the same behavior? Maybe you could
ship a .kdigrc file, if that is supported by kdig, which mimics dig and
describe the differences in the man pages?
Cheers,
-arsen
* Daniel Salzman <daniel.salzman(a)nic.cz> [2019-02-25 11:01 (+0100)]:
Hi Ralf,
You are correct. This is rather a philosophical question :-) So far we haven't decided
on the main purpose of kdig.
For me kdig is a generic tool for advanced DNS testing. It means the defaults are simple
(e.g. no EDNS, DNS cookies).
The opposite approach is to consider kdig as a tool which knows best what the query should
look like ;-)
Anyway, we are open to changing the defaults if it makes sense. So, what do our dear users
think?
Best,
Daniel
On 2/25/19 10:51 AM, Ralf Weber wrote:
> Moin!
>
>
> On 25 Feb 2019, at 10:32, Arsen STASIC wrote:
>
>> Hi,
>>
>> I'm not sure if it was already discussed on this list.
>> Why is BIND's dig getting an AD flag and kdig not?
> BIND's dig is using EDNS0 and other unnecessary stuff like cookies per default, while
> kdig per default emulates an old-style DNS client without bells and whistles, and thus
> does not get AD, as this was only defined with DNSSEC (RFC2535/3655/4035). Having EDNS0
> support even without setting DO is considered to be able to interpret the AD bit, while
> clients without EDNS0 are considered not to be able to interpret it and thus don’t get
> it.
>
> So long
> -Ralf
> ---
> Ralf Weber
>
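
Added example, not part of the thread and not code from dig or kdig: a Python sketch that builds DNS queries with and without an EDNS0 OPT record and reports the three signals the discussion above distinguishes (AD header bit, EDNS0 presence, DO bit). The function names, the query ID, the payload size of 1232 and the name example.com are assumptions chosen for illustration.

```python
import struct

# Header flag masks (RFC 1035 / RFC 4035); DO is the top bit of the low
# 16 bits of the OPT RR's TTL field (RFC 3225); 41 is the OPT RR type.
FLAG_RD, FLAG_AD = 0x0100, 0x0020
EDNS_DO, TYPE_OPT = 0x8000, 41

def encode_name(name):
    """Encode a domain name as length-prefixed labels plus the root label."""
    labels = [p.encode("ascii") for p in name.rstrip(".").split(".") if p]
    return b"".join(bytes([len(p)]) + p for p in labels) + b"\x00"

def build_query(name, qtype=1, ad=False, edns=False, do=False, qid=0x1234):
    """Build a wire-format query; edns appends an OPT RR, do sets its DO bit."""
    flags = FLAG_RD | (FLAG_AD if ad else 0)
    msg = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 1 if edns else 0)
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)
    if edns:
        # OPT RR: root name, TYPE 41, CLASS=payload size, TTL=ext-rcode|version|DO+Z
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, EDNS_DO if do else 0, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a name (handles compression pointers)."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # 2-byte compression pointer ends the name
            return off + 2
        if n == 0:                # root label ends the name
            return off + 1
        off += 1 + n

def describe(msg):
    """Report the AD header bit, EDNS0 presence and the DO bit of a message."""
    _qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    info = {"ad": bool(flags & FLAG_AD), "edns": False, "do": False}
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            info["edns"], info["do"] = True, bool(ttl & EDNS_DO)
    return info

# Constructed samples: a query without EDNS0 and one with EDNS0 but no DO.
PLAIN = build_query("example.com")
WITH_EDNS = build_query("example.com", edns=True)
```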