Re: DNS64 and DNSSEC - AD bit not set (RFC 6147)

2014-03-26 Thread Tom Lanyon
On 27 Mar 2014, at 14:48, Mark Andrews wrote:
> No. If the answer is secure and DO=1 then it won't synthesise.
>
> RFC 6147 just gets DO and CD semantics completely wrong. The WG
> wanted there to be signaling that the client was going to validate
> and DNSSEC does not have such signaling. The

DNS64 and DNSSEC - AD bit not set (RFC 6147)

2014-03-26 Thread Tom Lanyon
Hi list, Just wanted to check my understanding of BIND9's implementation of DNS64 against RFC 6147. Currently BIND9's "break-dnssec" defaults to "no" - in this configuration, a security-aware & validating recursive resolver will never synthesise a record via DNS64 when queried with D