[nsd-users] do bit
Miek Gieben
miek at miek.nl
Tue Sep 20 08:27:32 UTC 2011
[ Quoting Matthijs Mekking at 10:21 on September 20 in "Re: [nsd-users] do bit"... ]
> Hi Miek,
>
> You are hitting something old. From the REQUIREMENTS of NSD:
>
> + If the DNSSEC OK bit (DO bit) is set then the query will be
> processed as a DNSSEC request. Although RFC3225 does not
> explicitly specify this NSD clears the DO bit in the answer.
>
> This has been in there since version 1.0.1 :)
no way! :)
> I believe that the scope RFC3255 is explicit for resolvers, and RFC 4034
> is not clear about it what an authoritative server should do.
ah, okay. I was put off guard by this line in 3225.
The DO bit of the query MUST be copied in the response.
grtz Miek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20110920/47f6e0c9/attachment.bin>
More information about the nsd-users
mailing list