[dns-operations] Setting DO=1 only if validation is possible
Florian Weimer
fw at deneb.enyo.de
Sun Oct 4 19:05:36 UTC 2009
* Paul Vixie:
>> From: Florian Weimer <fw at deneb.enyo.de>
>> Date: Sun, 04 Oct 2009 16:27:51 +0000
>> ...
>> Does this mean that there are no security-aware, validating DNSSEC
>> resolvers which set DO=1 only when necessary?
>
> as far as i know, it is always necessary to set DO=1.
It's not if you are willing to requery with DO=1 if a DO=1 client
query comes along.
More information about the dns-operations
mailing list