[nsd-users] do bit

Miek Gieben miek at miek.nl
Tue Sep 20 08:27:32 UTC 2011

[ Quoting Matthijs Mekking at 10:21 on September 20 in "Re: [nsd-users] do bit"... ]
> Hi Miek,
> You are hitting something old. From the REQUIREMENTS of NSD:
>     + If the DNSSEC OK bit (DO bit) is set then the query will be
>       processed as a DNSSEC request. Although RFC3225 does not
>       explicitly specify this NSD clears the DO bit in the answer.
> This has been in there since version 1.0.1 :)

no way! :)

> I believe that the scope RFC3255 is explicit for resolvers, and RFC 4034
> is not clear about it what an authoritative server should do.

ah, okay. I was put off guard by this line in 3225.

    The DO bit of the query MUST be copied in the response.

grtz Miek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20110920/47f6e0c9/attachment.bin>

More information about the nsd-users mailing list