On Mon, Nov 15, 2010 at 6:31 AM, Casey Deccio <ca...@deccio.net> wrote: > > Well, I'm curious as to why you're not getting the AD bit set for the > negative proof of existence for bondedsender.org/DS.
After a review of NSEC3 showed that this particular behavior is expected because org has been signed using NSEC3 with the opt-out bit set. RFC 5155, section 9.2: http://tools.ietf.org/html/rfc5155#section-9.2 Casey _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users