Hi Ralf,
You are correct. This is rather a philosophical question :-) So far we haven't decided
on the main purpose of kdig.
For me kdig is a generic tool for advanced DNS testing. It means the defaults are simple
(e.g. no EDNS, DNS cookies).
The opposite approach is to consider kdig as a tool which knows best what the query should
look like ;-)
Anyway, we are open to changing the defaults if it makes sense. So, what do our dear users
think?
Best,
Daniel
On 2/25/19 10:51 AM, Ralf Weber wrote:
Moin!
On 25 Feb 2019, at 10:32, Arsen STASIC wrote:
Hi,
I'm not sure if it was already discussed on this list.
Why is BIND's dig getting an AD flag and kdig not?
BIND's dig is using EDNS0 and other unnecessary stuff like cookies per default, while kdig
per default emulates an old-style DNS client without bells and whistles, and thus does not get AD, as this was only
style DNS client without bells and whistles, and thus does not get AD, as this was only
defined with DNSSEC (RFC2535/3655/4035). Having EDNS0 support even without setting DO is
considered to be able to interpret the AD bit, while clients without EDNS0 are considered
not to be able to interpret it and thus don’t get it.
So long
-Ralf
--
Ralf Weber
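
Added example, not part of the original thread and not kdig or dig code: a minimal wire-format builder and parser showing the one difference the thread turns on, a query with no OPT record versus one carrying an EDNS0 OPT record with DO clear. The function names and `example.com` are assumptions, and DNS cookies are left out.

```python
import struct

AD, RD = 0x0020, 0x0100        # header flag bits: Authentic Data, Recursion Desired
TYPE_OPT, DO = 41, 0x8000      # EDNS0 OPT RR type and the DO bit in its TTL field

def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype=1, edns=False, do=False, qid=0x1234):
    """Build a wire-format query; edns=True appends an OPT RR (RFC 6891)."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 1 if edns else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    opt = b""
    if edns:
        # root owner name, TYPE=OPT, CLASS=UDP size, TTL=ext-rcode/version/flags, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, DO if do else 0, 0)
    return header + question + opt

def skip_name(msg, off):
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:   # a compression pointer ends the name
            return off + 2
        off += 1 + n

def summarize(msg):
    """Report the AD bit and whether an OPT RR (and its DO bit) is present."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    info = {"ad": bool(flags & AD), "edns": False, "do": False}
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            info["edns"], info["do"] = True, bool(ttl & DO)
    return info

if __name__ == "__main__":
    for label, kw in [("no EDNS", {}), ("EDNS0, DO clear", {"edns": True})]:
        q = build_query("example.com", **kw)   # constructed sample query
        print(f"{label:16} {len(q)} bytes  {summarize(q)}")
```

`summarize` also works on a captured response, so the same function shows whether the AD bit came back for each query shape.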