> I don't see specific reference to using the AD flag in queries in the
> RFCs (at least on a cursory glance), but it's a very useful feature.

We're kind of flying under the RFC's radar, as I understand it.  The RFC
says the server must ignore the AD flag in a query.  What we do, though,
is clear the AD flag when answering if the signatures don't validate, but
*leave it alone* if they do.  So if you did happen to set the AD flag, and
the answer validated, then it would still be set when you got your response.

I don't know of any RFC that expressly describes this usage (though I may
have missed one), but in any case it's not forbidden, and it's useful, so...

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
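
The behaviour described in the message above, as an added wire-level example (not part of the original message and not BIND's code): it builds a query with the AD bit set and applies a simplified model of the response handling the message describes. The function names, the query ID and the name example.com are assumptions made for the illustration.

```python
import struct

# DNS header flag bits (second 16-bit word of the header)
QR = 0x8000  # message is a response
RD = 0x0100  # recursion desired
RA = 0x0080  # recursion available
AD = 0x0020  # authentic data

def build_query(name, qtype=1, qid=0x1234, ad=True):
    """Encode a one-question query; ad=True sets the AD bit in the header."""
    flags = RD | (AD if ad else 0)
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def header_flags(message):
    """Return the 16-bit flags word of a DNS message."""
    if len(message) < 12:
        raise ValueError("shorter than a DNS header")
    return struct.unpack("!H", message[2:4])[0]

def model_response(query, validated):
    """Simplified model of the described handling (an assumption, header only):
    AD is cleared when the signatures do not validate and left as the
    query had it when they do."""
    flags = header_flags(query) | QR | RA
    if not validated:
        flags &= ~AD
    return query[:2] + struct.pack("!H", flags) + query[4:]

def ad_set(response):
    """True if the message is a response and carries the AD bit."""
    flags = header_flags(response)
    return bool(flags & QR) and bool(flags & AD)

if __name__ == "__main__":
    q = build_query("example.com")  # constructed sample query
    for validated in (True, False):
        r = model_response(q, validated)
        print(f"validated={validated} flags=0x{header_flags(r):04x} AD={ad_set(r)}")
```

The AD bit is not protected in transit, so a client should rely on it only when the path to the resolver is itself trusted.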
