> Yeah, by the time it lands on Debian's glibc we'll have grown a long
> long beard. I'm still missing RES_TRUSTAD...

Oh, this set me off on a tangent.

I hadn't heard of RES_TRUSTAD before, so I found

    https://man7.org/linux/man-pages/man5/resolv.conf.5.html

which under "trust-ad" contains this text:

    If the trust-ad option is active, the stub resolver sets the
    AD bit in outgoing DNS queries (to enable AD bit support), [...]

I could not get that to rhyme with what I had perceived to be the semantics of the AD bit, so I looked up RFC 4035 where near the end of section 3 (just before 3.1), I find this text:

    The AD bit is controlled by name servers; a security-aware
    name server MUST ignore the setting of the AD bit in queries.

So ... I can't get the glibc behaviour to mesh with the standard on this particular point.

Regards,

- Håvard
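
The two quoted statements side by side on the DNS wire format, as an added example that is not part of the original post and is neither glibc nor BIND code. The function names, the `validated` parameter and the sample name `example.org` are assumptions made for illustration; the server side is a model of the RFC 4035 sentence only, not a resolver.

```python
import struct

# Bit masks in the 16-bit flags word of the DNS header (RFC 1035, RFC 4035).
QR = 0x8000  # message is a response
RD = 0x0100  # recursion desired
RA = 0x0080  # recursion available
AD = 0x0020  # Authentic Data

def build_query(name, qtype=1, trust_ad=False, qid=0x1234):
    """Stub side: AD goes into the query only when trust-ad is active."""
    flags = RD | (AD if trust_ad else 0)
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in name.split(".") if l]
    if any(len(l) > 63 for l in labels):
        raise ValueError("DNS label longer than 63 octets")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def header_flags(msg):
    """Return the raw flags word of a DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    return struct.unpack_from("!H", msg, 2)[0]

def ad_set(msg):
    return bool(header_flags(msg) & AD)

def server_response(query, validated):
    """Server side as RFC 4035 section 3 words it: AD in the response
    comes from the server's own validation result (hypothetical
    `validated` flag); the AD bit of the query is never consulted."""
    qid, qflags = struct.unpack_from("!HH", query, 0)
    flags = QR | RA | (qflags & RD) | (AD if validated else 0)
    return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0) + query[12:]

if __name__ == "__main__":
    # Constructed sample: every combination of query AD and validation result.
    for trust_ad in (False, True):
        q = build_query("example.org", trust_ad=trust_ad)
        for validated in (False, True):
            r = server_response(q, validated)
            print(f"query AD={ad_set(q)!s:5} validated={validated!s:5} "
                  f"-> response AD={ad_set(r)} flags=0x{header_flags(r):04x}")
```
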