On Fri, Jul 17, 2020 at 11:45:22PM +0200, Jesper Wallin wrote:
> Thoughts?
>
>
> Yours,
> Jesper Wallin
I found this very interesting.  Too bad you didn't quote any RFCs that support this behaviour because RFC 4033 says you shouldn't set the AD bit in a query, RFC 4035 says something similar, but then digging some further in RFC 6840 (internet standard) it says in section 5.7:

   5.7.  Setting the AD Bit on Queries

   The semantics of the Authentic Data (AD) bit in the query were
   previously undefined.  Section 4.6 of [RFC4035] instructed resolvers
   to always clear the AD bit when composing queries.

   This document defines setting the AD bit in a query as a signal
   indicating that the requester understands and is interested in the
   value of the AD bit in the response.  This allows a requester to
   indicate that it understands the AD bit without also requesting
   DNSSEC data via the DO bit.

I just wanted to add this as a thought supporting your patch.

Best Regards,
-peter
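The header semantics from the RFC 6840 section 5.7 text quoted above, as an added example that is not part of the original message or of the patch under discussion: a query that sets AD without an OPT record (so no DO bit), and a check of AD in the reply. The function names, the query ID and the sample responses are constructed for illustration.

```python
import struct

# DNS header flag masks (RFC 1035 section 4.1.1; AD and CD added by DNSSEC)
QR = 0x8000  # message is a response
RD = 0x0100  # recursion desired
RA = 0x0080  # recursion available
AD = 0x0020  # authentic data


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, qid=0x1234, want_ad=True):
    """Build a query with RD set and optionally AD set.

    ARCOUNT stays 0: no EDNS OPT record is sent, so the DO bit is absent
    and the requester signals interest in AD only.
    """
    flags = RD | (AD if want_ad else 0)
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def ad_bit_in_response(query, response):
    """Return True if response answers this query ID and has AD set."""
    if len(response) < 12:
        return False
    qid, = struct.unpack("!H", query[:2])
    rid, rflags = struct.unpack("!HH", response[:4])
    if rid != qid or not rflags & QR:
        return False
    return bool(rflags & AD)


def constructed_response(query, validated):
    """Constructed sample reply: echoes the query with response flags set."""
    flags = QR | RD | RA | (AD if validated else 0)
    return query[:2] + struct.pack("!H", flags) + query[4:]
```

The AD flag itself is unauthenticated, so the result only means something when the stub trusts the recursive resolver and the path to it.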
