On Sep 11, 2013, at 8:11 AM, Brian Cuttler <br...@wadsworth.org> wrote: > We have remapped some of our DNS clients to point to another > DNS resolver, one that we do not control, but that has "forwarder" > records in place to point our domain's address resolution requests > back to an authoritative server in our domain. > > Dig is showing authoritative answer when I query my domain's server > for an address that I own. > > Dig is NOT showing authoritative when I query the other domain's server. > > I'd have thought that the forwarded request, coming from my server, > would have resulted in an authoritative reply.
When you query a non-authoritative server, such as one configured to forward the query to another server, the result is supposed to be marked non-authoritative. That's the point of the 'aa' flag. Not all name servers behave this way, but they are supposed to. BIND 9 behaves correctly. Regards, Chris Buxton _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
