Thanks michael. That's right for me.
> -----Original Message----- > From: mich...@rancid.berkeley.edu > Sent: Mon, 06 Jun 2011 20:41:03 -0700 > To: pen...@inbox.com > Subject: Re: querylog format > > On 6/6/11 8:09 PM, Jeff Peng wrote: >> Hello, >> >> The querylog of BIND in my hosts is like: >> >> client 58.240.56.18#16768: query: s18.mhxx.game.yy.com IN A -EDC >> >> For the last part, I know the '-' means non-recursion,'E' means EDNS. >> But what are the 'D' and 'C' flags? > > D = DO (DNSSEC Okay), client is requesting DNSSEC records and AD bit set > if server is doing validation and can validate the zone > > C = CD (Checking Disabled), client does not want the server to do > validation on the response, but to return it regardless. > > Although setting both flags sounds contradictory, it makes some sense > where a validating forwarding resolver wants to do its own validation > and enforce its own policy for dealing with valid/insecure/bogus zones. > > michael ____________________________________________________________ FREE 3D EARTH SCREENSAVER - Watch the Earth right on your desktop! Check it out at http://www.inbox.com/earth _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
