[Pdns-users] Not Authoritative for AAAA when label does not exist in zone?

bert hubert bert.hubert at netherlabs.nl
Tue Jul 26 05:50:27 UTC 2011


On Mon, Jul 25, 2011 at 02:00:02PM -0700, Zane Thomas wrote:
> Sorry about that, will be sure to note use of my own backend in the future.

I suggest we move this discussion to pdns-dev.

> This following code is setting weHaveUnauth to true because sd.qname !=
> rr.qname
> 
>       // the line below fakes 'unauth NS' for delegations for non-DNSSEC
> backends.
>       if((rr.qtype == p->qtype && !rr.auth) || (rr.qtype.getCode() ==
> QType::NS && (!rr.auth || !pdns_iequals(sd.qname, rr.qname))))
>         weHaveUnauth=1;
> 
> 
> When that code executes, subsequent to the NS record returned above,
> sd.qname is bar.com and rr.qname is foo.bar.com.

This only hits if you have actually delegated foo.bar.com, in which queries
for anything foo.bar.com should indeed drop the aa bit.

	Bert



More information about the Pdns-users mailing list