Hi Jan I understand. What can be confusing while researching this is that there seems to be different behaviors depending on which Tech you use (Powerdns, Bind, Windows AD DNS..)
In my case (which basically is Scenario 1 of the Powerdns Docu https://doc.powerdns.com/authoritative/guides/recursion.html) - hence i've choosed this design without dnsdist in front - could one not argue that technically it is not a recursion but a Forwarding/Conditional Forwarding in this scenario with the forward-zone configuration? To throw in a third tech besides Bind and Powerdns: The Windows AD DNS Forwarder keeps the AA Flag when it is getting the internal zones in a constellation where it is using Bind Resolver (my old infrastructure). If the Windows DNS would follow the approach you are mentioning it should not give back the AA Flag. Regards
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
