On Fri, 23 Jan 2009 14:48:23 +0100 Stephane Bortzmeyer <bortzme...@nic.fr> wrote:
> I configure a BIND 9.5.0 P2 which is both a DNSSEC-validating resolver > and an authoritative server. > > With proper trust anchors, it DNSSEC-validates domains like iis.se or > sources.org and sets the AD bit in the answers to 'dig +dnssec XXX > iis.se'. > > Except for one domain, generic-nic.net, for which this BIND is > authoritative: here, I get the right answer but without the AD bit. We ran into a similar problem a while back -- see there : http://marc.info/?l=bind-users&m=117310800721413&w=2 > If I delete this domain from the list of zones served by this BIND, I > get the AD bit again. > > Is it normal? Should the client be happy with just the AA bit? Last time I checked they weren't, but things may have changed. Simon _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
