Paul Stewart wrote:
I think I have found a bug in the way dns queries are interpreted.
I created two requests using the following dig commands
dig @192.168.1.1 www.domain.com +adflag
dig @192.168.1.1 www.domain.com +cdflag
The first request shows up properly with 0x0120 as the flags. However
the center pane shows no no flag at all set when you expand the flag
portion of the center pane.
At least according to RFC 2535, the AD flag is set in responses, not
requests. I presume that was the rationale for not checking for that
bit when dissecting requests, but perhaps it should be dissected anyway
- is there a subsequent RFC or Internet-Draft that indicates that AD is
meaningful in requests?
The second request shows up properly with 0x0110 as the flags. This
example incorectly identifies the Authenticate (AD) flag set. 0x0110
specifically |10| denotes the cd flag. 0x0120 (first request) denotes
the AD flag.
At least with current SVN Ethereal, the second request is dissected as
having the 0x0010 bit set; that's the CD bit, and it's dissected as
"Non-authenticated data OK: Non-authenticated data is acceptable".
According to RFC 2535, that bit "indicates in a query that Pending
(non-authenticated) data is acceptable to the resolver sending the
query" - that sounds like "Non-authenticated data is acceptable". In
the version of Ethereal you're using, does it instead say
"Answer/authority portion was authenticated by the server", i.e. the
description of the AD flag? If so, you might have an old version of
Ethereal; I don't know whether the wrong strings were used for the
0x0010 bit in earlier versions of Ethereal or not.