At 1:28 +0100 3/27/09, Holger Zuleger wrote:
So why doesn't an authoritative name server set the AD bit on
answers to queries with the DO flag set?
Good question. Perhaps the authoritative server does not have DNSSEC enabled?
(BIND specific - in recent versions of BIND, since Feb 2007, if
dnssec-enabled is not yes, it doesn't do DNSSEC processing.)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468
Getting everything you want is easy if you don't want much.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop