On Sat, Nov 02, 2024 at 08:04:19AM +0100, rob777 via Pdns-users wrote:
> Hi
>
> > AUTHORITY has nothing to do with whether the answer is authoritative. You
> > need to look at the flags
>
> Yes, I've realized after more research that the aa flag is the real
> thing to look for.
>
> The pdns-recursor runs on port 53 on the server and forwards the queries for
> the internal zone through the forward-zone file to the port 53 from the
> pdns authoritative on the same server - like
>
> ...
> example1.mydomain.com=10.0.11.100:5300
> ...
>
> I found other posts in pdns mailings about the same with no answers:
> https://mailman.powerdns.com/pipermail/pdns-dev/2020-April/001775.html
> And then another one in a little bit of a different context but with
> someone replying at the end of the thread that this is an expected behavior
>
> ->
> https://pdns-users.mailman.powerdns.narkive.com/FjxQ55ou/recursor-pdns-authoritative-and-axfr-problem
>
> So from research I found two basic sides:
>
> a) some say this is the expected behavior and is correct
> b) others are worried about it too and are not sure whether this
> generates problems for some stuff or not
>
> So it leaves me guessing whether I have to care about it for my internal
> dns infrastructure (I'm pretty sure that it would not be a problem but not
> 100% sure)

Not setting the aa bit is by design. Only answers directly coming from
an authoritative server are supposed to set the aa bit.

See https://www.rfc-editor.org/rfc/rfc1035#section-4.1.1

For clients it does not matter. It does matter only in recursor <->
authoritative server traffic.

	-Otto

>
> > BTW, obfuscation isn't ever helpful for having people help on a mailing
> > list [1]
>
> I agree - especially if the obfuscation is not done in a proper way.
>
>
> On Fri, 1 Nov 2024 at 15:10, Jan-Piet Mens via Pdns-users
> <pdns-users@mailman.powerdns.com> wrote:
>
> > >$ dig test.example1.mydomain.com @<ip-of-my secondary>
> > >; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu
> > >...
> > >;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> >
> > >As you can see above "AUTHORITY: 0" is a non-authoritative answer
> >
> > AUTHORITY has nothing to do with whether the answer is authoritative. You
> > need to look at the flags: this query has RD (recursion desired) and RA
> > (recursion available), meaning you are querying a recursive server and
> > hence no AA (authoritative answer) in the flags.
> >
> > BTW, obfuscation isn't ever helpful for having people help on a mailing
> > list [1]
> >
> > -JP
> >
> > [1]
> > https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open
> > _______________________________________________
> > Pdns-users mailing list
> > Pdns-users@mailman.powerdns.com
> > https://mailman.powerdns.com/mailman/listinfo/pdns-users
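
Added example, not part of the thread and not PowerDNS code: a small decoder for the 12-byte DNS header from RFC 1035 section 4.1.1, showing that the AA flag and the AUTHORITY count that dig prints are separate fields. The three sample headers are constructed for illustration (the transaction ID 0x1234 and the referral case are assumptions, not captured traffic).

```python
import struct

# Flag masks in the second 16-bit header word (RFC 1035, section 4.1.1).
FLAG_BITS = {"qr": 0x8000, "aa": 0x0400, "tc": 0x0200, "rd": 0x0100, "ra": 0x0080}


def parse_dns_header(message: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into flags and section counts."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, word, qd, an, ns, ar = struct.unpack("!6H", message[:12])
    return {
        "id": ident,
        "flags": [name for name, mask in FLAG_BITS.items() if word & mask],
        "opcode": (word >> 11) & 0xF,
        "rcode": word & 0xF,
        # Same labels dig uses for QDCOUNT / ANCOUNT / NSCOUNT / ARCOUNT.
        "QUERY": qd, "ANSWER": an, "AUTHORITY": ns, "ADDITIONAL": ar,
    }


def is_authoritative(message: bytes) -> bool:
    """True only when the AA bit is set; the AUTHORITY count plays no part."""
    return "aa" in parse_dns_header(message)["flags"]


# Constructed sample headers (not captured traffic).
# Recursor reply matching the dig line in the thread: qr rd ra, counts 1/1/0/1.
RECURSOR_REPLY = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 1)
# Same counts as an authoritative server would flag them: qr aa rd, AUTHORITY 0.
AUTH_REPLY = struct.pack("!6H", 0x1234, 0x8500, 1, 1, 0, 1)
# Referral-style reply: AUTHORITY section holds 2 records, yet AA is clear.
REFERRAL = struct.pack("!6H", 0x1234, 0x8000, 1, 0, 2, 0)

if __name__ == "__main__":
    samples = [("recursor", RECURSOR_REPLY), ("authoritative", AUTH_REPLY),
               ("referral", REFERRAL)]
    for label, msg in samples:
        h = parse_dns_header(msg)
        print(f"{label:14} flags: {' '.join(h['flags']):9} "
              f"AUTHORITY: {h['AUTHORITY']}  aa={is_authoritative(msg)}")
```
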