DO says that you *understand* DNSSEC and that it is ok to
        send a DNSSEC response.  It does not mean that you will be
        validating the response.

        named in all production versions of BIND 9 (9.1.0 onwards)
        has set DO on all EDNS queries.  BIND 9.1.1 onwards named
        copies DO to the response.

        BIND 8 does EDNS w/o setting or examining D0.

        What this says is that over half the world is in a position
        to turn on DNSSEC validation today if they want to.

        Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [EMAIL PROTECTED]
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to