31 October 2012
The Authenticated Data (AD) flag is used by caching DNS servers to indicate that they have validated the DNSSEC records. The idea is that the client doesn't then have to repeat the check.
Use of the AD flag is, of course, safe only on a network where the security of the last mile is assured. Examples include company networks, campus networks and the closed networks belonging to internet access providers and mobile operators. On such networks, DNSSEC validation and DNS caching can be centralised on the recursive DNS servers.
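As an added example (not part of the original article), the sketch below shows how a client could apply this rule: it reads the AD bit from the 12-byte DNS header and honours it only when the response came from a resolver on a trusted last mile. The resolver address ranges, function names and sample messages are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Flag bits in the 16-bit flags word of the DNS header (RFC 1035, RFC 4035).
QR = 0x8000  # message is a response
TC = 0x0200  # message was truncated
AD = 0x0020  # resolver states it validated the DNSSEC records

# Assumption: resolvers reached over a last mile whose security is assured.
TRUSTED_RESOLVERS = [
    ipaddress.ip_network("127.0.0.0/8"),   # validator on the same host
    ipaddress.ip_network("10.53.0.0/24"),  # constructed campus resolver range
]


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    ident, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": ident, "qr": bool(flags & QR), "tc": bool(flags & TC),
            "ad": bool(flags & AD), "ancount": ancount}


def resolver_is_trusted(resolver_ip: str) -> bool:
    addr = ipaddress.ip_address(resolver_ip)
    return any(addr in net for net in TRUSTED_RESOLVERS)


def answer_is_validated(msg: bytes, resolver_ip: str, query_id: int) -> bool:
    """True only if AD is set AND the path to the resolver is trusted."""
    hdr = parse_header(msg)
    if not hdr["qr"] or hdr["id"] != query_id or hdr["tc"]:
        return False
    # The AD bit is a plain header bit with no signature of its own, so it
    # carries meaning only when the network path to the resolver is secure.
    return hdr["ad"] and resolver_is_trusted(resolver_ip)


def sample_response(flags: int, query_id: int = 0x1234) -> bytes:
    """Constructed header-only response: 1 question, 1 answer."""
    return struct.pack("!6H", query_id, flags, 1, 1, 0, 0)


if __name__ == "__main__":
    # 0x81A0 = QR|RD|RA|AD, 0x8180 = QR|RD|RA (constructed flag words).
    print(answer_is_validated(sample_response(0x81A0), "10.53.0.7", 0x1234))
    print(answer_is_validated(sample_response(0x81A0), "192.0.2.53", 0x1234))
```

A client that gets `False` here has to fall back to validating the DNSSEC records itself or treat the answer as unvalidated.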