Hi, On Thu, Aug 07, 2008 at 04:59:39PM +0200, Wouter Wijngaards wrote: > The default would need to be the safe behaviour. And the number of > users that need the unsafe behaviour is very small. Is an upgrade of > the other software an option? (it was expecting AD bits in replies, so > it can be made to set them in queries, I would think). FreeBSD uses the BIND9 resolver library and that doesn't yet have a supported twiddle to set AD on queries. I'll pop a note off to the ISC to ask if it's in the pipeline. In the meantime I've recompiled libresolv to set DO on queries and that's working fine for the moment. A configurable option in Unbound to have the `old BIND' behaviour while the world's stubs catch up to the new usage of AD in queries would definitely be good for me :) Thanks again, james -- Times flies like an arrow. Fruit flies like bananas.