[Pdns-users] Authoritative PDNS gives back non-authoritative Answers for records
Brian Candler
b.candler at pobox.com
Sat Nov 2 08:44:29 UTC 2024

On 02/11/2024 08:12, rob777 via Pdns-users wrote:
>
> >Only answers directly coming from an authoritative server are
> supposed to set the aa bit
>
> I found some internet stuff where someone claims that the AA flag is
> not even set if the answer comes from a cache in some constellations
> (bind cache). I don't see this behavior in my old bind environment.

The fact that a BIND recursor sets the AA bit in the reply is really
nothing more than an accident, because if you repeat the same query to
the same BIND recursor before the record has expired, you'll get it
without the AA bit.

From the client's point of view then, it's effectively random whether
the AA bit is set or not; it depends on whether some other client may or
may not have recently issued the same query.

PowerDNS implements the "correct" behaviour, which is AA=0 for all
answers, regardless of how long they have been in the cache. But really,
recursor clients don't care, which is why BIND's odd behaviour doesn't
cause any problems.
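
The flag behaviour described in this message, as an added example that is not part of the original post: it decodes the DNS header flags word and checks whether AA stays the same across repeated answers. The helper names and the four header-only sample messages are constructed for illustration, not captured from BIND or PowerDNS.

```python
import struct

# Bit masks in the 16-bit flags word of the DNS header (RFC 1035, section 4.1.1).
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080


def build_response(msg_id, flags, ancount=1):
    """Pack a 12-byte DNS header only (constructed sample, no question/answer body)."""
    return struct.pack("!HHHHHH", msg_id, flags, 1, ancount, 0, 0)


def parse_flags(message):
    """Decode the header flags of a raw DNS message."""
    if len(message) < 12:
        raise ValueError("DNS header is 12 bytes; message too short")
    _msg_id, flags = struct.unpack("!HH", message[:4])
    return {
        "qr": bool(flags & QR),        # 1 = response
        "opcode": (flags >> 11) & 0xF,
        "aa": bool(flags & AA),        # authoritative answer
        "tc": bool(flags & TC),        # truncated
        "rd": bool(flags & RD),        # recursion desired
        "ra": bool(flags & RA),        # recursion available
        "rcode": flags & 0xF,
    }


def aa_is_consistent(responses):
    """True if every response to the same query carries the same AA value."""
    return len({parse_flags(m)["aa"] for m in responses}) <= 1


# Constructed samples modelling the two behaviours described in the message:
# a recursor that passes AA through on the first lookup and drops it once the
# record is served from cache, and a recursor that always answers with AA=0.
BIND_FIRST = build_response(0x1A2B, QR | AA | RD | RA)
BIND_REPEAT = build_response(0x1A2C, QR | RD | RA)
PDNS_FIRST = build_response(0x3C4D, QR | RD | RA)
PDNS_REPEAT = build_response(0x3C4E, QR | RD | RA)

if __name__ == "__main__":
    for name, msg in [("bind first", BIND_FIRST), ("bind repeat", BIND_REPEAT),
                      ("pdns first", PDNS_FIRST), ("pdns repeat", PDNS_REPEAT)]:
        print(name, parse_flags(msg))
    print("bind AA stable:", aa_is_consistent([BIND_FIRST, BIND_REPEAT]))
    print("pdns AA stable:", aa_is_consistent([PDNS_FIRST, PDNS_REPEAT]))
```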