[Pdns-users] Wrongly sets the Authoritative Answer flag?
bert hubert
ahu at ds9a.nl
Wed Mar 12 13:55:49 UTC 2003
On Wed, Mar 12, 2003 at 02:24:39PM +0100, Stephane Bortzmeyer wrote:
> I'm starting to experiment with PowerDNS on the '.fr' zone. I see that
> PowerDNS sets the Authoritative Answer flag for queries about NS
> records which are not in '.fr' but in a child zone:
Hmm.
> ; <<>> DiG 9.2.1 <<>> @fr-powerdns.dnsexp ns cfdt.fr.
> ...
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
> ...
> ;; ANSWER SECTION:
> cfdt.fr. 345600 IN NS proof.rain.fr.
> cfdt.fr. 345600 IN NS relay.globalintranet.net.
>
> I believe that PowerDNS is wrong. The server is authoritative for
> '.fr', not for '.enst.fr'. nsd and BIND9 do not set the AA flag.
This is a bit tricky - I think you mean, that it is not authoritative for
cfdt.fr, but only for .fr - but that doesn't change anything.
I'm wondering what is right. PowerDNS differs in this behaviour from other
implementations. I'm still searching in the relevant RFCs where it says that
it should drop the AA bit when answering a question for an NS record in the
zone, for which it has authority.
PowerDNS drops the AA bit when it hands out a referral, but in this case
PowerDNS figures that it has the right answer, and it feels authoritative. A
question for an A record for cfdt.fr would get a non-AA answer, as powerdns
has no clue.
I'm willing to fix this if it turns out that RFCs demand or stipulate this
behaviour but this would be behind a flag as it would probably hurt
performance.
Stephane, I'm investigating this further, will report what I find. Should
you know which RFC mentions this behaviour and where, that will speed things
up.
Thanks!
Regards,
bert
--
http://www.PowerDNS.com Open source, database driven DNS Software
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
http://netherlabs.nl Consulting
More information about the Pdns-users
mailing list