[Unbound-users] AD bit set for NXDOMAIN but should not?
bortzmeyer at nic.fr
Tue Mar 1 08:18:28 UTC 2011
On Mon, Feb 28, 2011 at 05:07:05PM +0100,
W.C.A. Wijngaards <wouter at NLnetLabs.nl> wrote
a message of 64 lines which said:
> Well, since below the optout stuff is not signed, it is true that
> the NXDOMAIN is not fully secure, so I support the notion that
> unbound should not give an AD flag.
Do you plan to change the behaviour of Unbound? I ask it because we
are developing monitoring tools and they rely on the presence/absence
of the AD bit, that's why we were disturbed by the discrepancy between
BIND and Unbound.
> Example B.1 in RFC5155 is wrong, and it should be changed
I let you report it at <http://www.rfc-editor.org/errata.php>, I'm not
confident enough to do it.
More information about the Unbound-users