On 2/25/19 11:00 AM, Ralf Weber wrote:
> bind is also setting the AD bit on the query and this actually
> triggers it, though the RFC where this is defined currently doesn’t
> come to my mind.

Yes, I don't remember which RFC, but it is standardized that if you
specify the AD flag in the query, the resolver should set it according
to the status even when you didn't specify the DO flag. That can be a
useful combination when you don't want to validate yourself and thus
have no need for records like RRSIG. If there is neither DO nor AD in
the query, the AD flag in the reply should never be set (even if EDNS
is used).
--Vladimir
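
The rule described in the reply above, as an added example that is not part of the original thread or of any resolver's code: it builds wire-format queries with the AD header bit and/or the EDNS DO bit, reads both bits back, and decides whether a reply may carry AD. The function names, the query ID and the 1232-byte UDP size are assumptions chosen for illustration.

```python
import struct

AD = 0x0020   # Authentic Data bit in the DNS header flags word
DO = 0x8000   # DNSSEC OK bit, in the flags half of the OPT RR's TTL field
OPT = 41      # OPT pseudo-RR type (EDNS)

def build_query(name, ad=False, edns=False, do=False, qid=0x1234):
    """Build a wire-format A/IN query; RD is always set, AD/EDNS/DO are optional."""
    flags = 0x0100 | (AD if ad else 0)
    header = struct.pack("!6H", qid, flags, 1, 0, 0, 1 if edns else 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!2H", 1, 1)
    if edns:
        # OPT RR: root owner name, type 41, class = UDP payload size,
        # TTL = extended RCODE / version / flags, empty RDATA
        msg += b"\x00" + struct.pack("!HHIH", OPT, 1232, DO if do else 0, 0)
    return msg

def query_bits(msg):
    """Return (ad, do) for a query; assumes any additional RR has the root owner name."""
    _, flags, qdcount, _, _, arcount = struct.unpack("!6H", msg[:12])
    pos = 12
    for _ in range(qdcount):
        while msg[pos]:              # skip uncompressed labels
            pos += 1 + msg[pos]
        pos += 5                     # root label + QTYPE + QCLASS
    do = False
    for _ in range(arcount):
        if msg[pos] != 0:
            raise ValueError("only root-owned additional records are handled")
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[pos + 1:pos + 11])
        if rtype == OPT:
            do = bool(ttl & DO)
        pos += 11 + rdlen
    return bool(flags & AD), do

def reply_may_set_ad(query, validated_secure):
    """AD goes into the reply only if the answer validated AND the query had AD or DO."""
    ad, do = query_bits(query)
    return validated_secure and (ad or do)
```
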