> On Sep 11, 2017, at 6:35 PM, Phil Pennock <[email protected]> wrote: > > For the DNSSEC folks, being able to affirm validation > without trusting across-the-wire that AD bit is tamper-proof is nice.
DNSSEC in stub resolvers is rather nice in theory, however, in practice DNSSEC needs to happen in the iterative resolver. See: https://github.com/kazu-yamamoto/dns/issues/54#issuecomment-327932473 -- Viktor. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
