On 2011-05-20, at 00:35, Carlos Vicente wrote: > That's news to me. What's the failure mode? Does the server return SERVFAIL, > or does it not set the AD flag, or...?
It's another undefined condition in the RFCs, and so the outcome is implementation specific. I believe in the case of BIND the authoritative algorithm wins out, and so you get RRSIGs and no AD flag. I haven't tested this one out personally, but I vaguely recall the problem coming up on one of the DNS operations lists several months ago, so someone else may have a more detailed answer. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
