On Sat, Jul 25, 2020 at 02:01:06PM +0200, Jeremie Courreges-Anglas wrote: > > For those two reasons I think the feature should be opt-in.
Yeah, I agree with you. My first approach was to have it check what kind of DNS record that was requested, and add the AD-flag only if type was SSHFP, but that felt even uglier. I also wasn't so sure my approach was the right one after reading the RFCs Peter J. Philipp mentioned. Perhaps another approach would be to make use of the currently unused flags argument in getrrsetbyname(3)? This way, only getrrsetbyname(3) and certain requests are affected by it. Yours, Jesper Wallin