On Sat, Feb 6, 2016 at 7:36 PM, Paul Hoffman <paul.hoff...@vpnc.org> wrote:
> Greetings again. While doing some testing, I came across something that is
> both consistent across implementations but that I do not find in RFC 4033,
> 4034, or 4035. If a query for a properly-signed zone is sent to
> BIND-as-recursor, Unbound, or Google DNS, and the AD bit in the request is
> set to 1, the answer returned has the AD bit set to 1. However, if the
> query has the AD bit set to 0, the response always has the AD bit set to 0,
> even though the requested zone is properly signed.
>
> This happens regardless of whether or not there is an EDNS0 extension with
> the DO bit set to 1.
>
> I can't find anywhere in 403[3:5] that says that the AD bit in the request
> means anything. Did I miss that? Or is it specified in a different RFC?
>
> --Paul Hoffman
>

Paul,

https://tools.ietf.org/html/rfc6840#section-5.7

Shumon.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
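
For anyone repeating the test described in this thread, here is an added example (not code from either message) that builds queries with the AD header bit and the EDNS0 DO bit set independently and reads the AD bit from the reply. The resolver address and zone name are command-line arguments the reader supplies; the message ID and the 1232-byte UDP payload size are arbitrary choices.

```python
import socket
import struct
import sys

AD = 0x0020  # Authentic Data bit in the header flags word
RD = 0x0100  # Recursion Desired
DO = 0x8000  # DNSSEC OK bit in the EDNS0 OPT flags (low 16 bits of its TTL)

def encode_name(name):
    """Length-prefixed labels, terminated by the zero-length root label."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    if any(len(l) > 63 for l in labels):
        raise ValueError("label longer than 63 octets")
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, ad, do=None, qtype=1, msg_id=0x1234):
    """do=None sends no EDNS0 at all; True/False adds an OPT RR with DO set/clear."""
    flags = RD | (AD if ad else 0)
    msg = struct.pack("!6H", msg_id, flags, 1, 0, 0, 0 if do is None else 1)
    msg += encode_name(name) + struct.pack("!2H", qtype, 1)  # QTYPE, QCLASS=IN
    if do is not None:
        # OPT RR: root owner, TYPE 41, CLASS = UDP payload size, TTL = flags, RDLEN 0
        msg += b"\x00" + struct.pack("!HHIH", 41, 1232, DO if do else 0, 0)
    return msg

def ad_bit(msg):
    """Return the AD bit of any DNS message (query or response)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    return bool(struct.unpack("!H", msg[2:4])[0] & AD)

def ask(server, query, timeout=3.0):
    """Send one UDP query to a resolver and return the raw response."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return s.recvfrom(4096)[0]

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: script.py <resolver-ip> <signed-zone-name>
    for ad in (False, True):
        for do in (None, False, True):
            reply = ask(sys.argv[1], build_query(sys.argv[2], ad, do))
            print(f"query AD={int(ad)} DO={do}: response AD={int(ad_bit(reply))}")
```

Run against a validating resolver, the six printed lines show which request-side combinations of AD and DO yield AD=1 in the response.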