[dns-operations] Setting DO=1 only if validation is possible

Florian Weimer fw at deneb.enyo.de
Sun Oct 4 19:05:36 UTC 2009

* Paul Vixie:

>> From: Florian Weimer <fw at deneb.enyo.de>
>> Date: Sun, 04 Oct 2009 16:27:51 +0000
>> ...
>> Does this mean that there are no security-aware, validating DNSSEC
>> resolvers which set DO=1 only when necessary?
> as far as i know, it is always necessary to set DO=1.

It's not if you are willing to requery with DO=1 if a DO=1 client
query comes along.

More information about the dns-operations mailing list