Redefinition of DNS Authenticated Data (AD) bit, November 2003
- File formats:
- PROPOSED STANDARD
- Obsoleted by:
- RFC 4033, RFC 4034, RFC 4035
- RFC 2535
- B. Wellington
- dnsext (int)
Discuss this RFC: Send questions or comments to the mailing list [email protected]
This document alters the specification defined in RFC 2535. Based on implementation experience, the Authenticated Data (AD) bit in the DNS header is not useful. This document redefines the AD bit such that it is only set if all answers or records proving that no answers exist in the response has been cryptographically verified or otherwise meets the server's local security policy.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.