On 2013-03-20, at 05:55, Phil Pennock <[email protected]> wrote:
> Mind, I think that unbound's approach is sane and I'm happy it is as it
> is, but still, if an application wants to _rely_ on DNSSEC, then it
> should be setting the DO flag and checking AD. This affects forthcoming
> DANE support, for instance.

I think if an application wants to _rely_ on DNSSEC, then it should be setting the DO bit and the CD bit, and doing its own validation.

Joe
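
The two query styles discussed in this thread, shown at the wire level as an added example that is not part of either poster's message: it builds a query with DO (and optionally CD) set and decodes the AD/CD bits of a reply header. The message ID, the 1232-byte EDNS UDP size and the sample response header are constructed values.

```python
import struct

# DNS header flag bits (RFC 1035, RFC 4035) and the EDNS0 DO bit (RFC 3225).
QR, RD, RA, AD, CD = 0x8000, 0x0100, 0x0080, 0x0020, 0x0010
DO = 0x8000          # top bit of the 16-bit flags half of the OPT "TTL" field
OPT_TYPE = 41
UDP_SIZE = 1232      # constructed choice for the advertised payload size


def build_query(name, qtype=1, do=True, cd=False, msg_id=0x1234):
    """Wire-format query with RD set, an OPT record, and the requested DO/CD bits."""
    flags = RD | (CD if cd else 0)
    # QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 (the OPT pseudo-record)
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)          # QTYPE, QCLASS=IN
    # OPT: root owner name, TYPE=41, CLASS=UDP size, TTL=ext-rcode|version|flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, UDP_SIZE, DO if do else 0, 0)
    return header + question + opt


def response_flags(msg):
    """Decode the header bits a DNSSEC-aware application looks at."""
    _msg_id, flags = struct.unpack("!HH", msg[:4])
    return {"ad": bool(flags & AD), "cd": bool(flags & CD), "rcode": flags & 0x000F}


# First style from the thread: DO set, CD clear, then check AD in the reply.
QUERY_CHECK_AD = build_query("example.com", do=True, cd=False)

# Second style from the thread: DO and CD set; the application validates the
# returned RRSIG/DNSKEY/DS data itself (validation is not implemented here).
QUERY_SELF_VALIDATE = build_query("example.com", do=True, cd=True)

# Constructed reply header only: QR|RD|RA|AD, RCODE=0, one question, no records.
SAMPLE_RESPONSE = struct.pack("!HHHHHH", 0x1234, QR | RD | RA | AD, 1, 0, 0, 0)

if __name__ == "__main__":
    print(QUERY_CHECK_AD.hex())
    print(QUERY_SELF_VALIDATE.hex())
    print(response_flags(SAMPLE_RESPONSE))
```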
