On Fri, Jan 15, 2016 at 01:03:41PM +0000, Tony Finch <d...@dotat.at> wrote a message of 22 lines which said:
> If you are unlucky enough to be on a network that intercepts DNS > queries and diverts them to a recursive server, you are likely to > get RA=1 AA=0 answers to priming queries. Your resolver ought to > soldier on as best it can in this situation. If the resolver validates with DNSSEC, it may go on in such a case. If it doesn't, I'm tempted to say that it should give in and tell the sysadmin that it cannot do its job properly and safely. At the very minimum, such problem should be escalated to the sysadmin. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
