In article <[email protected]>, [email protected] wrote:
> Zitat von Alan Clegg <[email protected]>: > > > On 10/1/2010 4:50 PM, [email protected] wrote: > > > >> Sorry for being unclear. We want the SERVFAIL as it should be for > >> invalid DNSSEC data *in all cases* eg. even if a client ask with the > >> cdflag (checking disable) set. > > > > CD means "don't check", so you can't by definition. > > > > AlanC > > > > That i was afraid of. It's a pitty that there is no way to save the > downstream clients from stupid resolvers/downstream caches. Since CD is not set by default, a "stupid resolver" that doesn't know about DNSSEC won't set it. Someone has to go out of their way to request this behavior. -- Barry Margolin, [email protected] Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** _______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
