What is auth-nxdomain?

Jim Reid jim at rfc1035.com
Tue Mar 27 22:43:00 UTC 2001

>>>>> "Agustina" == Agustina Buccella <abuccel at uncoma.edu.ar> writes:

    Agustina> I read the bind 9 Administrator Reference Manual and
    Agustina> said that the auth-nxdomain is: auth-nxdomain If yes,
    Agustina> then the AA bit is always set on NXDOMAIN responses,
    Agustina> even if the server is not actually authoritative. The
    Agustina> default is no; this is a change from BIND 8. If you are
    Agustina> using very old DNS software, you may need to set it to
    Agustina> yes.

    Agustina> but I don't understand very well? Can somebody explain
    Agustina> me in english??

Name servers set the AA bit when they send an authoritative answer: ie
the server is master or slave for the zone relating to the query. They
also send an NXDOMAIN error response if the name being looked up does
not exist. So this option in BIND9 means that you have the ability to
change the default behaviour if you really care. (Which you probably
don't unless you've got ancient DNS clients that are long overdue for
upgrade and misbehave when they get a reply with bith an NXDOMAIN error
code and the AA bit set.)

More information about the bind-users mailing list