https://bugzilla.redhat.com/show_bug.cgi?id=1141535
Bug ID: 1141535 Summary: DNS Packet header AD flag erroneously set in DNSSEC query Product: Fedora Version: 20 Component: perl-Net-DNS Assignee: psabata@redhat.com Reporter: rwfranks@acm.org QA Contact: extras-qa@fedoraproject.org CC: perl-devel@lists.fedoraproject.org, psabata@redhat.com
Description of problem:
Net::DNS::Resolver configured with (dnssec => 1) emits query with both DO and AD flags set, contrary to RFC6840, 5.7
Version-Release number of selected component (if applicable):
0.79 and earlier
How reproducible:
100%
Steps to Reproduce: 1.
use Net::DNS::SEC; # although bug is in Net::DNS
$resolver = new Net::DNS::Resolver( dnssec => 1 );
$query = new Net::DNS::Packet( 'example.com' );
$reply = $resolver->send( $query );
$query->header->print;
__END__
2. 3.
Actual results:
;; id = 36886 ;; qr = 0 aa = 0 tc = 0 rd = 1 opcode = QUERY ;; ra = 0 z = 0 ad = 1 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 2048 ;; option:
Expected results:
;; id = 36886 ;; qr = 0 aa = 0 tc = 0 rd = 1 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 2048 ;; option:
Additional info:
Fixed upstream in 0.80 (release imminent)