On Wed, Aug 05, 2020 at 06:47:38PM +0200, Florian Weimer wrote:
> > Stub resolvers should do the same if they have enough brain to do so :-)
>
> They are quite forgetful by design on some systems. But in general,
> this issue is not a problem for them because they do not enable EDNS.
Except when they specifically request DNSSEC records.
- Because they want to perform their own validation, or
- Because legacy libresolv does not have a way to solicit
just the AD bit, but does return it with RES_USE_DNSSEC.
--
Viktor.
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
