error (broken trust chain) resolving
Casey Deccio
casey at deccio.net
Mon Nov 15 20:47:42 UTC 2010
On Mon, Nov 15, 2010 at 6:31 AM, Casey Deccio <casey at deccio.net> wrote:
>
> Well, I'm curious as to why you're not getting the AD bit set for the
> negative proof of existence for bondedsender.org/DS.
A review of NSEC3 showed that this particular behavior is
expected because org has been signed using NSEC3 with the opt-out bit
set. RFC 5155, section 9.2:
http://tools.ietf.org/html/rfc5155#section-9.2
Casey
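
The rule cited above, as an added example that is not part of the original post: a minimal parser for NSEC3 RDATA that reads the Opt-Out flag and applies the RFC 5155 section 9.2 decision on the AD bit. The function names and the sample record are constructed for illustration, and the record passed in is assumed to be the NSEC3 that covers the "next closer" name.

```python
import struct

OPT_OUT = 0x01  # least significant bit of the NSEC3 Flags field (RFC 5155)

def parse_nsec3_rdata(rdata: bytes) -> dict:
    """Parse NSEC3 RDATA up to the next hashed owner name; type bitmaps are skipped."""
    if len(rdata) < 5:
        raise ValueError("NSEC3 RDATA shorter than its fixed header")
    alg, flags, iterations, salt_len = struct.unpack("!BBHB", rdata[:5])
    salt = rdata[5:5 + salt_len]
    off = 5 + salt_len
    if len(salt) != salt_len or off >= len(rdata):
        raise ValueError("truncated salt or missing hash length")
    hash_len = rdata[off]
    next_hashed = rdata[off + 1:off + 1 + hash_len]
    if len(next_hashed) != hash_len:
        raise ValueError("truncated next hashed owner name")
    return {"alg": alg, "opt_out": bool(flags & OPT_OUT),
            "iterations": iterations, "salt": salt, "next_hashed": next_hashed}

def ad_bit_allowed(covering_next_closer: bytes) -> bool:
    """RFC 5155 section 9.2: AD must not be set when the NSEC3 covering the
    next closer name has Opt-Out set, because unsigned delegations may exist
    in the span it covers."""
    return not parse_nsec3_rdata(covering_next_closer)["opt_out"]

def sample_rdata(flags: int) -> bytes:
    """Constructed record: SHA-1, 1 iteration, 4-byte salt, 20-byte hash,
    type bitmap for NS DS RRSIG (the bitmap is not parsed here)."""
    return (struct.pack("!BBHB", 1, flags, 1, 4) + bytes.fromhex("d399eaab")
            + bytes([20]) + bytes(range(20)) + bytes.fromhex("0006200000000012"))

if __name__ == "__main__":
    for flags in (0x01, 0x00):
        rec = parse_nsec3_rdata(sample_rdata(flags))
        print(f"opt_out={rec['opt_out']} -> AD allowed: {ad_bit_allowed(sample_rdata(flags))}")
```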