> Why would 149.20.64.20 return ad then? It's not authoritative either...
As I understand it, you need a dnssec-enabled recursive resolver to get an AD flag returned. An authoritative-only server will never return an AD flag. Jeff. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users