On 13/01/2014 15:14, Olafur Gudmundsson wrote:

> A better way might be to propose an EDNS0 option that expresses to the resolver:
>         only answer if AD==1
> and defines a new RCODE to express that only an insecure answer exists.

I don't see how this helps. If the application can't be updated to check AD=1, then it presumably can't be updated to send an EDNS option.

Or if you're proposing to patch the libc resolver, then it could just as easily force/check AD=1, surely?
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users