[Pdns-users] authoritative answers or not?
bert.hubert at netherlabs.nl
Fri Oct 6 13:31:07 UTC 2006
On Fri, Oct 06, 2006 at 03:25:52PM +0200, Alex van den Bogaerdt wrote:
b> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29529
p> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3449
b> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
p> ;; flags: qr aa rd ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
The answer is entirely the same, except for the "ra" bit (no clue what that
does), and some authority & additional cruft.
> The SOA record is part of the zone. As such, the answer should
> be an authoritative answer.
It is - that is determined by the 'aa' bit, from
Q: PowerDNS does not give authoritative answers, how come?
A: This is almost always not the case. An authoritative answer is
recognized by the 'AA' bit being set. Many tools prominently print the
number of Authority records included in an answer, leading users to conclude
that the absence or presence of these records indicates the authority of an
answer. This is not the case.
Verily, many misguided country code domain operators have fallen into
this trap and demand authority records, even though these are fluff and
quite often misleading. Invite such operators to look at section 6.2.1 of
RFC 1034, which shows a correct authoritative answer without authority
records. In fact, none of the non-deprecated authoritative answers shown
have authority records!
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services
More information about the Pdns-users