Some notes:
	When querying an authoritative server directly, data will not be verified! Even if a signature is corrupt (i.e. the data is BAD). This is because the authoritative server trusts the data from disk. Note that both the ÔadÕ and ÔaaÕ flags are set.
	The semantics of the AD bit are under discussion. There are several issues that mainly have to do with what exactly is covered by the ÔadÕ statement of security.