In article <mailman.265.1285967251.555.bind-us...@lists.isc.org>, lst_ho...@kwsoft.de wrote:
> Zitat von Alan Clegg <acl...@isc.org>: > > > On 10/1/2010 4:50 PM, lst_ho...@kwsoft.de wrote: > > > >> Sorry for being unclear. We want the SERVFAIL as it should be for > >> invalid DNSSEC data *in all cases* eg. even if a client ask with the > >> cdflag (checking disable) set. > > > > CD means "don't check", so you can't by definition. > > > > AlanC > > > > That i was afraid of. It's a pitty that there is no way to save the > downstream clients from stupid resolvers/downstream caches. Since CD is not set by default, a "stupid resolver" that doesn't know about DNSSEC won't set it. Someone has to go out of their way to request this behavior. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
