The code is DNSSEC aware, it doesn't perform redirection if the client can detect that redirection has occured. So sign your zones and use a validating client (or just one that sets DO=1).
Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
