On 2013-03-20 at 08:22 +0100, Ondřej Surý wrote:
> The question to answer is: How many stub resolvers do set DO/AD flag or even
> allow to set it? So this doesn't make much sense to me to implement in
> Unbound too, since I consider this practically useless.

Client applications can set it, because stub resolvers do permit it to be set. It's the RES_USE_DNSSEC flag for the resolver options field in the resolv.h interface; if your platform doesn't use resolv.h, pass.

Exim current git head does this, if the dns_use_dnssec option is set; I added it last June.

Mind, I think that unbound's approach is sane and I'm happy it is as it is, but still, if an application wants to _rely_ on DNSSEC, then it should be setting the DO flag and checking AD. This affects forthcoming DANE support, for instance.
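What "setting the DO flag and checking AD" looks like on the wire, as an added example that is not part of the original message and not Exim's or Unbound's code: the query carries an EDNS0 OPT record with DO set (which is what RES_USE_DNSSEC asks the stub resolver to send), and a reply counts as validated only if AD is set. The function names, the 1232-byte payload size, the transaction ID and the sample reply headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed 12-byte reply headers, ID 0x1234: flags 0x81a0 carry AD, 0x8180 do not. */
const unsigned char SAMPLE_AD[12]   = {0x12, 0x34, 0x81, 0xa0, 0, 1, 0, 1, 0, 0, 0, 1};
const unsigned char SAMPLE_NOAD[12] = {0x12, 0x34, 0x81, 0x80, 0, 1, 0, 1, 0, 0, 0, 1};

/* Build a query for `name` (dotted form) with an EDNS0 OPT record whose DO
 * bit is set. Returns the message length, or 0 on a bad name or short buffer. */
size_t build_do_query(const char *name, uint16_t qtype, uint16_t id,
                      unsigned char *buf, size_t buflen)
{
    size_t nlen = strlen(name), need = 12 + (nlen + 2) + 4 + 11, p = 12;
    if (nlen == 0 || nlen > 253 || buflen < need) return 0;
    memset(buf, 0, need);
    buf[0] = (unsigned char)(id >> 8); buf[1] = (unsigned char)(id & 0xff);
    buf[2] = 0x01;                          /* RD=1 */
    buf[5] = 1;                             /* QDCOUNT=1 */
    buf[11] = 1;                            /* ARCOUNT=1: the OPT record */
    while (*name) {                         /* encode each label as len+bytes */
        const char *dot = strchr(name, '.');
        size_t l = dot ? (size_t)(dot - name) : strlen(name);
        if (l == 0 || l > 63) return 0;
        buf[p++] = (unsigned char)l;
        memcpy(buf + p, name, l); p += l;
        name += l + (dot ? 1 : 0);
    }
    buf[p++] = 0;                                          /* root label */
    buf[p++] = (unsigned char)(qtype >> 8); buf[p++] = (unsigned char)(qtype & 0xff);
    buf[p++] = 0; buf[p++] = 1;                            /* class IN */
    /* OPT RR: root name, TYPE 41, CLASS = UDP size, TTL = ext-rcode/version/flags */
    buf[p++] = 0; buf[p++] = 0; buf[p++] = 41;
    buf[p++] = 0x04; buf[p++] = 0xd0;                      /* 1232 bytes (constructed) */
    buf[p++] = 0; buf[p++] = 0;                            /* ext-rcode, version 0 */
    buf[p++] = 0x80; buf[p++] = 0;                         /* DO bit */
    buf[p++] = 0; buf[p++] = 0;                            /* RDLEN 0 */
    return p;
}

/* Returns 1 only for a complete NOERROR reply to query `id` that has AD set. */
int reply_is_validated(const unsigned char *msg, size_t len, uint16_t id)
{
    if (len < 12) return 0;                                /* no full header */
    if (msg[0] != (id >> 8) || msg[1] != (id & 0xff)) return 0;
    if (!(msg[2] & 0x80)) return 0;                        /* QR=0: not a reply */
    if (msg[2] & 0x02) return 0;                           /* TC: truncated */
    if (msg[3] & 0x0f) return 0;                           /* RCODE != NOERROR */
    return (msg[3] & 0x20) != 0;                           /* AD bit */
}
```

The AD bit is only as trustworthy as the path to the resolver that set it, so this check belongs behind a validating resolver reached over a trusted channel such as loopback.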
