[Pdns-users] Authoritative PDNS gives back non-authoritative Answers for records

rob777 rogbru at gmail.com
Sat Nov 2 07:04:19 UTC 2024


Hi

> AUTHORITY has nothing to do with whether the answer is authoritative. You
> need to look at the flags

Yes, I've realized after more research that the aa flag is the real
thing to look for.

The pdns-recursor runs on port 53 on the server and forwards the queries for
the internal zone through the forward-zone file to the port 53 from the
pdns authoritative on the same server - like

...
example1.mydomain.com=10.0.11.100:5300
...

I found other posts in pdns mailings about the same with no answers:
https://mailman.powerdns.com/pipermail/pdns-dev/2020-April/001775.html
And then another one in a little bit of a different context but with
someone replying at the end of the thread that this is an expected behavior

->
https://pdns-users.mailman.powerdns.narkive.com/FjxQ55ou/recursor-pdns-authoritative-and-axfr-problem

So from research I found two basic sides:

a) some say this is the expected behavior and is correct
b) others are worried about it too and are not sure whether this
generates problems for some stuff or not

So it leaves me guessing whether I have to care about it for my internal
dns infrastructure (I'm pretty sure that it would not be a problem but not
100% sure)


> BTW, obfuscation isn't ever helpful for having people help on a mailing
> list [1]

I agree - especially if the obfuscation is not done in a proper way.


On Fri, Nov 1, 2024 at 15:10, Jan-Piet Mens via Pdns-users <
pdns-users at mailman.powerdns.com> wrote:

> >$ dig test.example1.mydomain.com @<ip-of-my secondary>
> >; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu
> >...
> >;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> >As you can see above "AUTHORITY: 0" is a non-authoritative answer
>
> AUTHORITY has nothing to do with whether the answer is authoritative. You
> need to look at the flags: this query has RD (recursion desired) and RA
> (recursion available), meaning you are querying a recursive server and
> hence no AA (authoritative answer) in the flags.
>
> BTW, obfuscation isn't ever helpful for having people help on a mailing
> list [1]
>
>
>         -JP
>
> [1]
> https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open
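Added example (not part of the original message and not PowerDNS code): a small decoder for the 12-byte DNS header, showing that the aa bit in the flags word, not the AUTHORITY count, marks an authoritative answer. Both sample headers are constructed; the first matches the flags line quoted in the thread, the second assumes the same query sent directly to the authoritative server.

```python
import struct

# Bit masks for the 16-bit flags word of the DNS header (RFC 1035, section 4.1.1).
FLAG_BITS = {"qr": 0x8000, "aa": 0x0400, "tc": 0x0200, "rd": 0x0100, "ra": 0x0080}


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into flags and section counts."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "flags": {name for name, bit in FLAG_BITS.items() if flags & bit},
        "rcode": flags & 0x000F,
        "counts": {"QUERY": qd, "ANSWER": an, "AUTHORITY": ns, "ADDITIONAL": ar},
    }


def classify(msg: bytes) -> str:
    """Describe the answer from the header flags only; AUTHORITY is never consulted."""
    flags = parse_header(msg)["flags"]
    if "qr" not in flags:
        return "not a response"
    if "aa" in flags:
        return "authoritative answer"
    if "ra" in flags:
        return "non-authoritative answer from a recursive server"
    return "non-authoritative answer"


# Constructed sample headers (not captured traffic).
# Flags qr rd ra with counts 1/1/0/1, as in the dig output quoted in the thread.
VIA_RECURSOR = struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 1)
# Assumed direct query to the authoritative server: flags qr aa rd, same counts.
DIRECT_AUTH = struct.pack("!6H", 0x1A2C, 0x8500, 1, 1, 0, 1)

if __name__ == "__main__":
    for label, msg in (("via recursor", VIA_RECURSOR), ("direct", DIRECT_AUTH)):
        h = parse_header(msg)
        print(label, sorted(h["flags"]), h["counts"], "->", classify(msg))
```

Both headers carry AUTHORITY: 0, yet only the second is classified as authoritative, because only it has the aa bit set.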