Re: [DNSOP] AD bit set by authoritative servers [was: Re: More solicitation for feedback on dns64]

Edward Lewis Thu, 26 Mar 2009 17:38:20 -0700

At 1:28 +0100 3/27/09, Holger Zuleger wrote:

So why doesn't an authoritative name server set the AD bit onanswers to queries with the DO flag set?


Good question.  Perhaps the authoritative server does not have DNSSEC enabled?

(BIND specific - in recent versions of BIND, since Feb 2007, ifdnssec-enabled is not yes, it doesn't do DNSSEC processing.)


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Getting everything you want is easy if you don't want much.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] AD bit set by authoritative servers [was: Re: More solicitation for feedback on dns64]

Reply via email to