Proposed addition for dnssec-bis-updates: AD bit
Looking at the dnssec-bis-updates presentation from the DNSEXT meeting
in Philadelphia, it was apparent that a few bits had fallen through
the cracks between then and now. This is one of them. Anyway, here
is the proposed additional text:

3.6. Setting the AD bit on Replies

Section 3.2.3 of [RFC4035] describes under which conditions a
validating resolver should set or clear the AD bit in a response. In
order to protect legacy stub resolvers and middleboxes, validating
resolvers SHOULD only set the AD bit when a response both meets the
conditions listed in RFC 4035, section 3.2.3, and the request
contained either a set DO bit or a set AD bit.

Note that the use of the AD bit in the query was previously
undefined. This document defines it as a signal indicating that the
requester understands and is interested in the value of the AD bit in
the response. This allows a requestor to indicate that it
understands the AD bit without also requesting DNSSEC data via the

David Blacka <firstname.lastname@example.org>
Sr. Engineer Platform Product Development
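
The rule in the proposed text, sketched as an added example (not part of the original message and not code from any resolver). The function names and the constructed sample queries are assumptions, and the RFC 4035 section 3.2.3 decision is passed in as a boolean rather than computed:

```python
import struct

AD_FLAG = 0x0020   # header flags word: Authentic Data
DO_FLAG = 0x8000   # low 16 bits of the OPT record's TTL field: DNSSEC OK
TYPE_OPT = 41      # EDNS0 OPT pseudo-record

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # compression pointer ends the name
            return off + 2
        off += 1 + length

def query_signals(msg):
    """Return (ad_set, do_set) for a wire-format DNS query."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4     # skip QTYPE and QCLASS
    do_set = False
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == TYPE_OPT and ttl & DO_FLAG:
            do_set = True
    return bool(flags & AD_FLAG), do_set

def may_set_ad(query, rfc4035_conditions_met):
    """AD may be set only if validation allows it AND the query had DO or AD."""
    try:
        ad, do = query_signals(query)
    except (struct.error, IndexError):     # malformed query: leave AD clear
        return False
    return bool(rfc4035_conditions_met and (ad or do))

def build_query(ad=False, do=False, edns=True):
    """Constructed sample query for 'example.org. IN A' (illustration only)."""
    flags = 0x0100 | (AD_FLAG if ad else 0)            # RD set, optional AD
    msg = struct.pack("!6H", 0x1234, flags, 1, 0, 0, 1 if edns else 0)
    msg += b"\x07example\x03org\x00" + struct.pack("!HH", 1, 1)
    if edns:                                           # root name + OPT RR
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096,
                                     DO_FLAG if do else 0, 0)
    return msg
```

A legacy stub that sends neither bit gets a reply with AD clear even when validation succeeded, which is the protective behaviour the proposed text asks for.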