Feb. 9, 2011
2:01 p.m.
* Patrick Vande Walle wrote:
Currently, with DNSSEC enabled on the DNS resolver you use (typically, the one assigned to you by your ISP), a domain name failing DNSSEC resolution returns a code to your browser saying the domain does not exist
Currently almost all ISP's validating resolvers will return the "invalid" data without the AD bit set. So the widly used plugins for Firefox and MSIE will report an warning in the address line. I do expext this way to become the default resolution policy. If you need the validation, you will rely on the AD bit or use the newer API (val_get...) to provider much better error messages to the user.