dig query
Evan Hunt
each at isc.org
Wed Jan 6 20:47:46 UTC 2010
> I don't see specific reference to using the AD flag in queries in the
> RFCs (at least on a cursory glance), but it's a very useful feature.
We're kind of flying under the RFC's radar, as I understand it. The RFC
says the server must ignore the AD flag in a query. What we do, though,
is clear the AD flag when answering if the signatures don't validate, but
*leave it alone* if they do. So if you did happen to set the AD flag, and
the answer validated, then it would still be set when you got your response.
I don't know of any RFC that expressly describes this usage (though I may
have missed one), but in any case it's not forbidden, and it's useful, so...
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list