[Pdns-users] PowerDNS recursor stripping AA bit from forwarded responses

Julian Mehnle julian at mehnle.net
Fri Feb 23 01:28:56 UTC 2018


bert hubert <bert.hubert at powerdns.com> wrote:

> Resolvers rarely if ever send out AA=1 answers. If you literally want to
> forward packets, dnsdist may be a better choice.
> Is the current behaviour causing you problems? If so can you tell us about
> those problems?

I can probably use dnsdist (I only just learned about it today), but given the description of the recursor's forward-zones option I assumed it was meant to "delegate" certain zones to authoritative servers, and I would've expected it to pass through the AA=1 bits coming back from such an authoritative server.

To explain what I'm trying to do: I want to serve a zone of dynamic A records referenced from SPF records with "exists:%{i}" mechanisms from a little custom DNS server, but I want to front this server with something that I trust to implement the DNS protocol robustly and securely. So I'll give dnsdist a try next.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20180222/9b84c353/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20180222/9b84c353/attachment.sig>

More information about the Pdns-users mailing list