On Tue, Dec 14, 2010 at 02:18:44PM +0100, Heiko Schlittermann <hs@schlittermann.de> wrote a message of 46 lines which said: > Using a current lenny with bind9 I can't validate (www|ftp).debian.org > anymore. Works for me (BIND on a lenny using dlv.isc.org). Note the ad bit: % dig +dnssec A www.debian.org ; <<>> DiG 9.6-ESV-R3 <<>> +dnssec A www.debian.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12253 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 13 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;www.debian.org. IN A ;; ANSWER SECTION: www.debian.org. 300 IN A 141.76.2.5 www.debian.org. 300 IN A 213.129.232.18 www.debian.org. 300 IN RRSIG A 5 3 300 20110111094829 20101214094829 38208 www.debian.org. AR+irfLzNRWYgbJwp4Nf6M1o3xpANStnSMNQ7iechFhX9YdDUgx7vHLl 4/mjM6RbyHJiCyz5supU4ubuWT5QxjvG6IE/HgoimiEjq4XsP7ANSEdF 1B3y270gBxn+tO2ZDfNwLdob9k3AXJnyOVUq9cPVaa8ZcNZ8rhJ04JLF 3i3E9AphlUywmQPTNTCEtOoV What is the output of 'dig +cd +dnssec www.debian.org' on your case?
Attachment:
signature.asc
Description: Digital signature