On 6 Feb 2016, at 16:41, Shumon Huque wrote:
On Sat, Feb 6, 2016 at 7:36 PM, Paul Hoffman <paul.hoff...@vpnc.org> wrote:

Greetings again. While doing some testing, I came across something that
is both consistent across implementations but that I do not find in RFC
4033, 4034, or 4035. If a query for a properly-signed zone is sent to
BIND-as-recursor, Unbound, or Google DNS, and the AD bit in the request
is set to 1, the answer returned has the AD bit set to 1. However, if
the query has the AD bit set to 0, the response always has the AD bit
set to 0, even though the requested zone is properly signed.

This happens regardless of whether or not there is an EDNS0 extension
with the DO bit set to 1.

I can't find anywhere in 403[3:5] that says that the AD bit in the
request means anything. Did I miss that? Or is it specified in a
different RFC?

--Paul Hoffman

Paul,

https://tools.ietf.org/html/rfc6840#section-5.7

Thanks! I knew it was somewhere, but I had forgotten it is there.

--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
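
The query variants discussed in the thread (AD set or clear, with or without an EDNS0 OPT record carrying DO), built at wire level so the AD bit in a reply can be read directly. This is an added example, not code from any of the posters; the function names, the message ID, the 1232-byte EDNS payload size and the sample response header are assumptions made for the illustration.

```python
import socket
import struct

AD_FLAG = 0x0020   # header flag: Authentic Data
RD_FLAG = 0x0100   # header flag: Recursion Desired
DO_FLAG = 0x8000   # EDNS0 "DNSSEC OK", carried in the OPT record's TTL field

def build_query(name, ad=False, do=False, qtype=1, msg_id=0x1234):
    """Return a wire-format query for name with the AD and DO bits as requested."""
    flags = RD_FLAG | (AD_FLAG if ad else 0)
    # ID, flags, QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 only when OPT is added
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 1 if do else 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".") if label) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)   # QCLASS IN
    opt = b""
    if do:
        # OPT RR: root owner name, TYPE 41, CLASS = UDP payload size,
        # TTL = ext-rcode | version | flags (DO is the top flag bit), RDLEN 0
        opt = b"\x00" + struct.pack("!HHIH", 41, 1232, DO_FLAG, 0)
    return header + question + opt

def header_bits(msg):
    """Decode the header flag bits of a query or response that matter here."""
    _msg_id, flags = struct.unpack("!HH", msg[:4])
    return {"qr": bool(flags & 0x8000), "rd": bool(flags & RD_FLAG),
            "ad": bool(flags & AD_FLAG), "rcode": flags & 0x000F}

def ask(resolver_ip, name, ad, do, timeout=3.0):
    """Send one query over UDP to a resolver and return the reply's header bits."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, ad, do), (resolver_ip, 53))
        return header_bits(s.recv(4096))

# Constructed sample (not captured traffic): a response header with
# QR, RD, RA and AD set, followed by zeroed section counts.
SAMPLE_RESPONSE_HEADER = struct.pack("!HH", 0x1234, 0x81A0) + b"\x00" * 8
```

Calling `ask()` once per combination of `ad` and `do` against a validating resolver, for a name in a signed zone, shows which request bits lead to AD being set in the reply.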