Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DNSSEC missing AD flag #5479

Closed
3 tasks done
Virsacer opened this issue Feb 12, 2023 · 2 comments
Closed
3 tasks done

DNSSEC missing AD flag #5479

Virsacer opened this issue Feb 12, 2023 · 2 comments
Assignees
@ainar-g
Labels
bug P3: Medium
Milestone
v0.107.24

Comments

@Virsacer
Copy link

Prerequisites

  • I have checked the Wiki and Discussions and found no answer

  • I have searched other issues and found no duplicates

  • I want to report a bug and not ask a question

Operating system type

Linux, Other (please mention the version in the description)

CPU architecture

64-bit ARM

Installation

Docker

Setup

On one machine

AdGuard Home version

v0.107.23

Description

What did you do?

Run perl script:

use Net::DNS;
my $resolver = new Net::DNS::Resolver(nameservers => "ADGUARD-IP", dnssec => 1, debug => 1);
print "\n\nAD-flag: " . $resolver->send("example.com", "A")->header->ad . "\n";

Expected result

AD-flag: 1

Actual result

AD-flag: 0

Additional information

I enabled DNSSEC in Adguard.
When running the script there is no AD flag set in the result.
In the query-log there is a green lock for the query and the debug-output shows the RRSIG, so this part seems to be working.
And yes, 'example.com' is actually a signed domain.

When running the script using my bind9, google or cloudflare as nameserver the AD flag is set.
@ainar-g ainar-g self-assigned this Feb 13, 2023
@ainar-g ainar-g added this to the v0.107.24 milestone Feb 13, 2023
adguard pushed a commit that referenced this issue Feb 13, 2023
@ainar-g
Pull request 1734: 5479-ad-do-fix
a50a8ab 
Updates #5479.

Squashed commit of the following:

commit 348d0b9
Merge: a0cf6f3 ff04b2a
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Mon Feb 13 18:42:47 2023 +0300

    Merge branch 'master' into 5479-ad-do-fix

commit a0cf6f3
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Mon Feb 13 18:02:54 2023 +0300

    dnsforward: imp names, docs

commit dfc0be5
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Mon Feb 13 14:34:49 2023 +0300

    dnsforward: fix ad flag for do reqs
@ainar-g
Copy link
Contributor

ainar-g commented Feb 13, 2023

Thanks for the report! This should be fixed in the latest build on the Edge channel. Could you please check if that works for you now?

@Virsacer
Copy link
Author

Can confirm: The docker image with "edge" tag does work correctly.

Thank you for the quick fix :-)

@ainar-g ainar-g closed this as completed Feb 14, 2023
@ainar-g ainar-g modified the milestones: v0.107.25, v0.107.24 Feb 15, 2023
heyxkhoa pushed a commit to heyxkhoa/AdGuardHome that referenced this issue Mar 20, 2023
@ainar-g @heyxkhoa
Pull request 1734: 5479-ad-do-fix
8bd6a1c 
Updates AdguardTeam#5479.

Squashed commit of the following:

commit 348d0b9
Merge: a0cf6f3 ff04b2a
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Mon Feb 13 18:42:47 2023 +0300

    Merge branch 'master' into 5479-ad-do-fix

commit a0cf6f3
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Mon Feb 13 18:02:54 2023 +0300

    dnsforward: imp names, docs

commit dfc0be5
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Mon Feb 13 14:34:49 2023 +0300

    dnsforward: fix ad flag for do reqs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ainar-g ainar-g

Labels
bug P3: Medium
Projects
None yet
Milestone
v0.107.24
Development

No branches or pull requests
2 participants
@ainar-g @Virsacer