mirror of https://github.com/isc-projects/bind9.git, synced 2026-03-13 06:02:37 -04:00
when sending a query to a forwarder for a name within a secure domain, the first query is now sent with CD=0. when the forwarder itself is validating, this will give it a chance to detect bogus data and replace it with valid data before answering. this reduces our chances of being stuck with data that can't be validated.

if the forwarder returns SERVFAIL to the initial query, the query will be repeated with CD=1, to allow for the possibility that the forwarder's validator is faulty or that the bogus answer is covered by an NTA.

note: previously, CD=1 was only sent when the query name was in a secure domain. today, validating servers have a trust anchor at the root by default, so virtually all queries are in a secure domain. therefore, the code has been simplified. as long as validation is enabled, any forward query that receives a SERVFAIL response will be retried with CD=1.

| File |
|---|
| named.conf.in |