Re: [DNSOP] Authoritative Servers and the AD bit
On Thu, Jun 09, 2016 at 09:14:28AM -0400, Peter DeVries wrote: > We are observing a system that is setting the AD bit both without the > DO bit set in the query and without supplying RRSIGs but I can't find > any relevant text in the new RFCs. If the AD bit was set in the query that's being answered, that's legit under RFC 6840 sections 5.7 and 5.8. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
[DNSOP] Authoritative Servers and the AD bit
Is there updated text that matches this from RFC3655: "The AD bit MUST only be set if DNSSEC records have been requested via the DO bit [RFC3225] and relevant SIG records are returned." We are observing a system that is setting the AD bit both without the DO bit set in the query and without supplying RRSIGs but I can't find any relevant text in the new RFCs. Thank you, Peter ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop