dig query

Alan Clegg aclegg at isc.org
Wed Jan 6 15:13:58 UTC 2010


Tony Finch wrote:

> The AD flag is meaningless in a query. In a response it tells you whether
> the server is authoritative or not. It has nothing to do with DNSSEC.

AD bit is authenticated data.  AA bit is authoritative answer.

AD has everything to do with DNSSEC.

AA has nothing to do with DNSSEC except that you'll ever get AD and AA
set at the same time since Authoritative servers never validate their
own responses.

AlanC



More information about the bind-users mailing list