[Unbound-users] Google Public DNS
Joe Abley
jabley at hopcount.ca
Wed Mar 20 11:55:57 UTC 2013
On 2013-03-20, at 05:55, Phil Pennock <unbound-users+phil at spodhuis.org> wrote:
> Mind, I think that unbound's approach is sane and I'm happy it is as it
> is, but still, if an application wants to _rely_ on DNSSEC, then it
> should be setting the DO flag and checking AD. This affects forthcoming
> DANE support, for instance.
I think if an application wants to _rely_ on DNSSEC, then it should be setting the DO bit and the CD bit, and doing its own validation.
Joe
More information about the Unbound-users
mailing list