[GH-ISSUE #82] AD bit is missing #58

Open
opened 2026-03-14 01:11:08 +03:00 by kerem · 0 comments

Originally created by @nl6720 on GitHub (May 29, 2025).
Original GitHub issue: https://github.com/ameshkov/dnslookup/issues/82

For queries with the DO bit set, the results don't contain the AD bit (i.e. there's no `ad` in `flags`):

```sh
$ DNSSEC=1 dnslookup go.dnscheck.tools tls://wikimedia-dns.org 185.71.138.138
dnslookup master
Server: tls://wikimedia-dns.org

dnslookup result (elapsed 164.97548ms):
;; opcode: QUERY, status: NOERROR, id: 27557
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;go.dnscheck.tools.     IN       A

;; ANSWER SECTION:
go.dnscheck.tools.      1       IN      A       116.203.95.251
```

Compare it with `kdig`, which returns `ad` in `Flags`:

```sh
$ kdig go.dnscheck.tools +dnssec +tls-hostname=wikimedia-dns.org @185.71.138.138
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-128-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 12425
;; Flags: qr rd ra ad; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 512 B; ext-rcode: NOERROR
;; PADDING: 391 B

;; QUESTION SECTION:
;; go.dnscheck.tools.           IN      A

;; ANSWER SECTION:
go.dnscheck.tools.      1       IN      A       116.203.95.251

;; Received 457 B
;; Time 2025-05-29 13:25:23 EEST
;; From 185.71.138.138@853(TLS) in 148.4 ms
```
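To tell whether a reply carries AD on the wire independently of how a tool prints it, the header flags word can be decoded directly. The following is an added example, not part of the issue or of dnslookup's code; `headerFlags`, `dnslookupHdr` and `kdigHdr` are hypothetical names, and the two 12-byte headers are constructed from the ids, flags and counts in the outputs quoted above rather than captured packets.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// Flag masks in the second 16-bit word of the DNS header (RFC 1035 4.1.1);
// AD (0x0020) and CD (0x0010) were assigned by DNSSEC (RFC 4035).
var flagBits = []struct {
	mask uint16
	name string
}{
	{0x8000, "qr"}, {0x0400, "aa"}, {0x0200, "tc"}, {0x0100, "rd"},
	{0x0080, "ra"}, {0x0020, "ad"}, {0x0010, "cd"},
}

const adMask = 0x0020

// headerFlags returns the set flags as a dig-style string, whether AD is set,
// and ARCOUNT (an OPT record in the reply makes this at least 1).
func headerFlags(msg []byte) (flags string, ad bool, arcount uint16, err error) {
	if len(msg) < 12 {
		return "", false, 0, errors.New("short DNS header")
	}
	word := binary.BigEndian.Uint16(msg[2:4])
	var set []string
	for _, f := range flagBits {
		if word&f.mask != 0 {
			set = append(set, f.name)
		}
	}
	return strings.Join(set, " "), word&adMask != 0, binary.BigEndian.Uint16(msg[10:12]), nil
}

// Constructed headers (assumption: rebuilt from the printed values, not captures).
var (
	dnslookupHdr = []byte{0x6b, 0xa5, 0x81, 0x80, 0, 1, 0, 1, 0, 0, 0, 0}
	kdigHdr      = []byte{0x30, 0x89, 0x81, 0xa0, 0, 1, 0, 1, 0, 0, 0, 1}
)

func main() {
	for _, h := range [][]byte{dnslookupHdr, kdigHdr} {
		flags, ad, ar, _ := headerFlags(h)
		fmt.Printf("flags: %s; AD=%v; ARCOUNT=%d\n", flags, ad, ar)
	}
}
```

AD only reflects validation done by the resolver, so it is meaningful only over a channel to a resolver you trust, such as the TLS session used in both commands.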