Pamela Rock wrote: > The following dig query > > dig gov +dnssec +noadflag @10.10.10.1 > > produces the following flags in the header section: > > ;; flags: qr rd ra ad; > > Question - what is the relation with the +dnssec and +noadflag > options in the query. I would think the query would produce a signed > response with no ad bit in the header section. Why does ad show up > when I specify +noadflag?
AD is set when authentication is successful by the server to whom you are sending the query. The "+noadflag" says don't set the AD bit in the outbound query (which is the default). AlanC _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
