<div dir="ltr">Hi<div><br></div><div>>AUTHORITY has nothing to do with wether the answer is authoritative. You need to look at the flags</div><div><br></div><div><p style="margin-bottom:1rem;margin-top:0px;color:rgb(19,19,19);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol",sans-serif;font-size:14px">Yes I've realized that after more research that the aa flag is the real thing to look for.</p><p style="margin-bottom:1rem;color:rgb(19,19,19);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol",sans-serif;font-size:14px">The pdns-recursor runs on port 53 on the server and forward the queries for the internal zone through the forward-zone file to the port 53 from the pdns authoritiative on the same server - like</p><p style="margin-bottom:1rem;color:rgb(19,19,19);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol",sans-serif;font-size:14px">...<br><a href="http://example1.mydomain.com">example1.mydomain.com</a>=<a href="http://10.0.11.100:5300">10.0.11.100:5300</a><br>...</p><p style="margin-bottom:1rem;color:rgb(19,19,19);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol",sans-serif;font-size:14px">I found other posts in pdns mailings about the same with no answers: <a class="gmail-relative gmail-pointer-events-auto gmail-a gmail-cursor-pointer gmail-underline" href="https://mailman.powerdns.com/pipermail/pdns-dev/2020-April/001775.html" rel="noopener nofollow ugc" target="_blank" style="font-size:1em;margin-top:0px;margin-bottom:0px">https://mailman.powerdns.com/pipermail/pdns-dev/2020-April/001775.html</a><br>And then another one in a little bit of a different context but with someone replying at the end of the thread that this is an expected behavior</p><p style="margin-bottom:1rem;color:rgb(19,19,19);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol",sans-serif;font-size:14px">-> <a class="gmail-relative gmail-pointer-events-auto gmail-a gmail-cursor-pointer gmail-underline" href="https://pdns-users.mailman.powerdns.narkive.com/FjxQ55ou/recursor-pdns-authoritative-and-axfr-problem" rel="noopener nofollow ugc" target="_blank" style="font-size:1em;margin-top:0px;margin-bottom:0px">https://pdns-users.mailman.powerdns.narkive.com/FjxQ55ou/recursor-pdns-authoritative-and-axfr-problem</a></p><p style="margin-bottom:1rem;color:rgb(19,19,19);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol",sans-serif;font-size:14px">So from research i found two basic sides:</p><p style="margin-bottom:1rem;color:rgb(19,19,19);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol",sans-serif;font-size:14px">a) some say this is the expected behavior and is correct<br>b) others are worried about it too and are not sure whether if this is generates problems for some stuff or not</p><p style="margin-bottom:1rem;color:rgb(19,19,19);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol",sans-serif;font-size:14px">So it leaves me guessing whether i have to care about it for my internal dns infrastructure (i'm pretty sure that it would not be a problem but not 100% sure)</p></div><div><br></div><div><br></div><div>>
BTW, obfuscation isn't ever helpful for having people help on a mailing list [1]</div><div><br></div><div>I agree - espeically if the obfuscation is not done in a proper way.<br><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Am Fr., 1. Nov. 2024 um 15:10 Uhr schrieb Jan-Piet Mens via Pdns-users <<a href="mailto:pdns-users@mailman.powerdns.com">pdns-users@mailman.powerdns.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">>$ dig <a href="http://test.example1.mydomain.com" rel="noreferrer" target="_blank">test.example1.mydomain.com</a> @<ip-of-my secondary><br>
>; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu<br>
>...<br>
>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1<br>
<br>
>As you can see above "AUTHORITY: 0" is a none authoritative answer<br>
<br>
AUTHORITY has nothing to do with wether the answer is authoritative. You need<br>
to look at the flags: this query has RD (recursion desired) and RA (recursion<br>
available), meaning you are querying a recursive server and hence no AA (authoritative<br>
answer) in the flags.<br>
<br>
BTW, obfuscation isn't ever helpful for having people help on a mailing list [1]<br>
<br>
<br>
-JP<br>
<br>
[1] <a href="https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open" rel="noreferrer" target="_blank">https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open</a><br>
_______________________________________________<br>
Pdns-users mailing list<br>
<a href="mailto:Pdns-users@mailman.powerdns.com" target="_blank">Pdns-users@mailman.powerdns.com</a><br>
<a href="https://mailman.powerdns.com/mailman/listinfo/pdns-users" rel="noreferrer" target="_blank">https://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
</blockquote></div>