On Mon, Nov 15, 2010 at 6:31 AM, Casey Deccio <[email protected]> wrote: > > Well, I'm curious as to why you're not getting the AD bit set for the > negative proof of existence for bondedsender.org/DS.
After a review of NSEC3 showed that this particular behavior is expected because org has been signed using NSEC3 with the opt-out bit set. RFC 5155, section 9.2: http://tools.ietf.org/html/rfc5155#section-9.2 Casey _______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
