In message <a06240801c5f1ced4c...@[130.129.66.226]>, Edward Lewis writes:
> At 1:28 +0100 3/27/09, Holger Zuleger wrote:
>
> >So why doesn't an authoritative name server set the AD bit on
> >answers to queries with the DO flag set?
>
> Good question. Perhaps the authoritative server does not have DNSSEC enabled
> ?
>
> (BIND specific - in recent versions of BIND, since Feb 2007, if
> dnssec-enabled is not yes, it doesn't do DNSSEC processing.)
AD=1 is a may. We recommend that you have a recursive-only
view if you are mixing recursion and authoritative modes in
the one server.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
