<div dir="ltr"><div class="gmail_default" style="font-family:monospace,monospace"><span style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">TLDR - seeking a quick-n-dirty way to set/keep the AA flag in the pdns-recursor response when recursing locally from forward-zones-file.<br></span><span style="color:rgb(0,0,0);font-family:Consolas,Courier,monospace;font-size:16px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;display:inline;float:none"></span><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">For the time being, since there are thousands of users, we continue to use PowerDNS for recursion and for Authoriative DNS on the same server.<br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">We have pdns-recursor listening on port 53, but if the domain is in the forward-zones-file it forwards locally to port 5300 where PowerDNS responds authoritatively.<br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">This works fine, but since it is technically recursing I guess it is not setting the AA flag. Per some RFC this is bad since an authoritative server shouldn't be recursing and so some services (Barracuda Networks and mxtoolbox) will catch this and flag it accordingly as "lame" DNS.<br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">This is not a problem for millions of emails, but for clients that use Barracuda Networks for SMTP and security, they are not being allowed to send email to <a href="http://pldi.net">pldi.net</a>.<br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"># dig +all @localhost -p 53 <a href="http://pldi.net">pldi.net</a> ns<br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">;; Got answer:<br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20834<br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1<br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"># dig +all @localhost -p 5300 <a href="http://pldi.net">pldi.net</a> mx<br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">;; Got answer:<br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63458<br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1<br></div><div style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br></div><span style="margin:0px;padding:0px;border:0px none;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-weight:400;font-stretch:inherit;font-size:16px;line-height:inherit;font-family:Consolas,Courier,monospace;vertical-align:baseline;color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">Is there a configuration option or even a script I could put in place to force the aa flag in the pdns-recursor response when in the forward-zones-file?</span></div><br>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)"><span style="font-size:12pt;color:black"> </span></p><table style="color:rgb(33,33,33);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td style="padding:0in 0in 0.75pt"><p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><b><i><span style="font-size:10pt;font-family:"Open Sans";color:rgb(238,41,55)">Mike Steele</span></i></b><span style="font-size:10pt;font-family:"Open Sans";color:rgb(65,55,57)"></span></p></td></tr><tr><td style="padding:3pt 0in 1.5pt"><p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><b style="font-size:14.6667px"><i><span style="font-size:10pt;font-family:"Open Sans";color:rgb(65,55,57)">System Integrator</span></i></b><b style="font-size:11pt"><i><span style="font-size:10pt;font-family:"Open Sans";color:rgb(65,55,57)"><br></span></i></b></p><p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><b style="font-size:11pt"><i><span style="font-size:10pt;font-family:"Open Sans";color:rgb(65,55,57)">Broadband Services </span></i></b><br></p><p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><b style="font-size:11pt"><i><span style="font-size:10pt;font-family:"Open Sans";color:rgb(65,55,57)">Pioneer Telephone Coop.</span></i></b></p><p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10pt;font-family:"Open Sans";color:rgb(65,55,57)"></span></p></td></tr><tr><td style="padding:0in"><p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10pt;font-family:"Open Sans";color:rgb(65,55,57)">PO Box 539</span><span style="font-size:10pt;font-family:"Open Sans Semibold";color:rgb(65,55,57)"> </span><span style="font-size:10pt;font-family:"Open Sans";color:rgb(65,55,57)">»</span><span style="font-size:10pt;font-family:"Open Sans Semibold";color:rgb(65,55,57)"> </span><span style="font-size:10pt;font-family:"Open Sans";color:rgb(65,55,57)">Kingfisher</span><span style="font-size:10pt;font-family:"Open Sans Semibold";color:rgb(65,55,57)">, </span><span style="font-size:10pt;font-family:"Open Sans";color:rgb(65,55,57)">OK</span><span style="font-size:10pt;font-family:"Open Sans Semibold";color:rgb(65,55,57)"> </span><span style="font-size:10pt;font-family:"Open Sans";color:rgb(65,55,57)">73750</span></p></td></tr><tr><td style="padding:0in"><p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10pt;font-family:"Open Sans Semibold";color:rgb(65,55,57)">o: </span><span style="font-size:10pt;font-family:"Open Sans";color:rgb(65,55,57)">405.375.0542</span></p></td></tr><tr><td style="padding:0in"><p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10pt;font-family:"Open Sans";color:rgb(65,55,57)"><a href="mailto:mike.steele@pldtechs.net" title="Click to send email to Mike Steele" style="color:purple" target="_blank"><span style="color:rgb(65,55,57);text-decoration:none">mike.steele@pldtechs.net</span></a></span></p></td></tr><tr><td style="padding:0in 0in 5.25pt"><p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10pt;font-family:"Open Sans";color:rgb(65,55,57)"><a href="http://www.ptci.com/" title="" style="color:purple" target="_blank"><span style="color:rgb(65,55,57);text-decoration:none">ptci.com</span></a></span><span style="font-size:10pt;font-family:"Open Sans Semibold";color:rgb(65,55,57)"> | </span><span style="font-size:10pt;font-family:"Open Sans";color:rgb(65,55,57)"><a href="http://www.wirelesspioneer.com/" title="" style="color:purple" target="_blank"><span style="color:rgb(65,55,57);text-decoration:none">WirelessPioneer.com</span></a></span></p></td></tr></tbody></table><p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33)"><span style="font-size:12pt;color:black"> <br></span></p><span style="color:rgb(33,33,33);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px"></span><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;color:rgb(33,33,33);text-align:center" align="center"><span style="font-size:12pt;color:black"></span></div></div></div></div></div></div></div>