stubby: DNSSEC not working on 0.3.0 (Windows)

Hi, I’ve enabled DNSSEC in stubby with:

dnssec_return_status: GETDNS_EXTENSION_TRUE

[15:33:35.264291] STUBBY: Stubby version: Stubby 0.3.0
[15:33:35.277288] STUBBY: Read config from file C:\Program Files\Stubby\stubby.yml
[15:33:35.280285] STUBBY: DNSSEC Validation is ON
[15:33:35.281285] STUBBY: Transport list is:
[15:33:35.282285] STUBBY:   - TLS
[15:33:35.282285] STUBBY: Privacy Usage Profile is Strict (Authentication required)
[15:33:35.284283] STUBBY: (NOTE a Strict Profile only applies when TLS is the ONLY transport!!)
[15:33:35.286283] STUBBY: Starting DAEMON....

However I’m not getting the ad flag when querying a domain with DNSSEC:

C:\>dig @127.0.0.1 pir.org

; <<>> DiG 9.14.4 <<>> @127.0.0.1 pir.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34859
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;pir.org.                       IN      A

;; ANSWER SECTION:
pir.org.                299     IN      A       97.107.141.235
pir.org.                299     IN      RRSIG   A 5 2 300 20200501084004 20200417084004 4746 pir.org. FOMAwwz2RV77aGf7JgJFh4ktk2tfA0W8J3ny4kcR0Af9UHjfA/G6EQmW 5V/2NhQhY9wLENFnFJVIW3oGPnfwgBxn74J6jl0Gf/DUyoLYAFV+JCpn AeRI60EpCwj36yXRyyGrdRea0uvUrY0bM2CF27gqqWxkKRYBD+plOGRB m6M=

;; Query time: 889 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 17 16:27:53 GMT Summer Time 2020
;; MSG SIZE  rcvd: 233

About this issue

  • Original URL
  • State: open
  • Created 4 years ago
  • Comments: 36 (25 by maintainers)

Most upvoted comments

@triatic Yes, the error does not come from the write operation, but from the close operation. Error 5 means IO error which is not very helpful. I really have to get my hands on with the right build system (VisualStudio) to be able to address this… (for which I have to find and/or make time!) getdns_query is a tool which we use to work on the getdns library. It exposes the libraries functionality on the command line so it can be tried out and debugged quickly… Stubby is very similar, but focused towards being a stub resolver system component. Stubby even started out as an alias for getdns_query, see https://getdnsapi.net/presentations/stubby/

+1
wtoorop on May 14, 2020
Read more comments on GitHub
← candy-api: Unable to login to hub, API responds with "Call to a member function encodedId() on null""
stubby: Problem cross-compiling for MIPS router support →