On 11/14/13 1:29 PM, Kevin Oberman wrote: > Don't forget that Google will white-list domains with known (by them) > broken DNSSEC and reply even though validation is broken, so using > 8.8.8.8 for checking on whether validation is broken is not the best idea.
Really? Google sets the ad flag for known non-authenticated data? Or are you saying Google will respond to any +dnssec query but without the ad flag if that domain's configuration is broken? Or something else? Thanks dn _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
