[dns-operations] DNSSEC impact on applications was Re: security-aware stub resolver

Mark Andrews Mark_Andrews at isc.org
Mon May 26 00:22:25 UTC 2008


> * Edward Lewis wrote:
> > A SERVFAIL return from bad DNSSEC
> 
> This behavior is not longer default for i.e. bind. Now only the AD bit will
> not be set if validation fails.

	It is "BIND" not "bind" as "BIND" is a acronym.

	Unless you have set CD in the query, you will only get SERVFAIL
	on validation failures.

> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org


More information about the dns-operations mailing list