[dns-operations] Added a DO+CD test to genreport and a number of the root servers fail.
Klaus Darilion
klaus.mailinglists at pernau.at
Wed Jun 13 14:56:10 UTC 2018
Am 13.06.2018 um 15:21 schrieb Mark Andrews:
> According to RFC 4035 CD is supposed to be copied to the reply.
Only for resolvers, not for authoritative name servers:
3.1.6. The AD and CD Bits in an Authoritative Response
...
A security-aware name server does not perform signature validation
for authoritative data during query processing, even when the CD bit
is clear. A security-aware name server SHOULD clear the CD bit when
composing an authoritative response.
regards
Klaus
More information about the dns-operations
mailing list