[dns-operations] Sad news today: systemd-resolved to be deployed in Ubuntu 16.10
Robert Edmonds
edmonds at mycre.ws
Tue Jun 7 00:45:37 UTC 2016
Mark Andrews wrote:
> AD isn't a response-only bit. It is used in non EDNS queries and
> should only be returned by DNSSEC aware servers when the answer has
> been determined to be authentic. A RFC 1035 server won't copy it
> into the response but there is a lot of crud out there that doesn't
> actually implement RFC 1035. See
> https://ednscomp.isc.org/compliance/tld-fullreport.txt for TLD
> servers that copy the last reserved bit (974 of the test queries
> has the bit echoed back (zflag=mbz), the server count is lower) in
> the DNS header when it is present in the query in violation of RFC
> 1035.
OK, other than the RFC 6840 thing. Which is marked as "Comprehensively
Implemented, to the point appropriate for resolved" in [0].
[0] https://github.com/systemd/systemd/blob/master/src/resolve/RFCs
--
Robert Edmonds
More information about the dns-operations
mailing list