I configure a BIND 9.5.0 P2 which is both a DNSSEC-validating resolver and an authoritative server.
With proper trust anchors, it DNSSEC-validates domains like iis.se or sources.org and sets the AD bit in the answers to 'dig +dnssec XXX iis.se'. Except for one domain, generic-nic.net, for which this BIND is authoritative: here, I get the right answer but without the AD bit. If I delete this domain from the list of zones served by this BIND, I get the AD bit again. Is it normal? Should the client be happy with just the AA bit? _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
