Re: [knot-dns-users] why is kdig different to dig?

Moin! On 25 Feb 2019, at 10:32, Arsen STASIC wrote: Binds dig is using EDNS0 and other unnecessary stuff like cookies per default, while kdig per default emulates and old style DNS client without bells and whistles, and thus does not get AD, as this was only defined with DNSSEC (RFC2535/3655/4035). Having EDNS0 support even without setting DO is considered to be able to interpret the AD bit, while clients without EDNS0 are considered not to be able to interpret it and thus don’t get it. So long -Ralf —-- Ralf Weber