Is there updated text that matches this from RFC3655: "The AD bit MUST only be set if DNSSEC records have been requested via the DO bit [RFC3225] and relevant SIG records are returned."
We are observing a system that is setting the AD bit both without the DO bit set in the query and without supplying RRSIGs but I can't find any relevant text in the new RFCs. Thank you, Peter _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
