>> > Following the "not a bug" response from the BIND maintainers >> > yesterday evening, can you please point to chapter and verse >> > mandating this behaviour for non-authoritative recursive >> > resolvers? >> >> RFC4035 3.2.3 for validators, all RRsets in answer and authority >> sections should be authentic ... >> >> https://tools.ietf.org/html/rfc4035#section-3.2.3 > > That's about setting the ad bit. Was it set in this response?
Nope AD=1 was not set in the response, and I would guess that is as expected, since CD=1 was set in the query. Regards, - HÃ¥vard