On 6/6/11 8:09 PM, Jeff Peng wrote:
Hello,
The querylog of BIND in my hosts is like:
client 58.240.56.18#16768: query: s18.mhxx.game.yy.com IN A -EDC
For the last part, I know the '-' means non-recursion,'E' means EDNS.
But what are the 'D' and 'C' flags?
D = DO (DNSSEC Okay), client is requesting DNSSEC records and AD bit set
if server is doing validation and can validate the zone
C = CD (Checking Disabled), client does not want the server to do
validation on the response, but to return it regardless.
Although setting both flags sounds contradictory, it makes some sense
where a validating forwarding resolver wants to do its own validation
and enforce its own policy for dealing with valid/insecure/bogus zones.
michael
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
