Force Bind caching resolver to always obey DNSSSEC
Alan Clegg
aclegg at isc.org
Fri Oct 1 20:54:48 UTC 2010
On 10/1/2010 4:50 PM, lst_hoe02 at kwsoft.de wrote:
> Sorry for being unclear. We want the SERVFAIL as it should be for
> invalid DNSSEC data *in all cases* eg. even if a client ask with the
> cdflag (checking disable) set.
CD means "don't check", so you can't by definition.
AlanC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20101001/7dec5187/attachment.bin>
More information about the bind-users
mailing list