Hi , I am Ganesh and I work for wipro. We are currently working on porting DNS BIND 4.8 to DNS BIND 9.2.3. My platform is HP-Nonstop servers. I have a specific query regarding the role of resolver library in DNSSEC. Query: Does DNS BIND 9.2.3 support caching and verification of RRs (resourse records) on the resolver library part by default? We are trying to port 4.8 resolver code to 9.2.3 resolver code. Since Our platfrom doesn't support OPenssl, we are trying to lookout for this option. we wanted to know, whether by default any authentication is enabled at the resolver part in BIND 9.2.3. We understand that RFC2535 states CD and AD bit. If CD bit is set, then resolver doesn't do auth and integrity tests. Is this CD bit disabled or enabled in BIND 9.2.3? To reiterate the whole question again, we wanted to know the role of resolver with respect to DNSSEC in BIND 9.2.3! Since, we are pretty new to DNSSEC, we need your valuable inputs on the above query. regards, Ganesh. Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or Mailadmin@wipro.com immediately and destroy all copies of this message and any attachments.