DNS question

Tim Kelley tim at it.kpt.cc
Wed Dec 15 01:18:54 UTC 2004


A simple question ...

Is it legal for a nameserver to ever flag a response with "AA" when it is not 
authoritative for a zone?

I notice windows nameservers who permit recursion will flag a response with 
"AA" (fetched from the authoritative server) the first time the lookup is 
done. Afterwards, when just fetching from it's cache, it does not.

Bind never does this.

Is one incorrect, or is this just a permitted difference in implementation? I 
can't find any reference in the RFC's ...

It seems to me ridiculous for a server to flag AA unless it actually does 
answer for the zone in question ...

-- 
  _   _   _   _   _   _   _   _   _   _   _   _   _  
 / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ 
( t | i | m | @ | i | t | . | k | p | t | . | c | c )
 \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ 
GPG key fingerprint = 1DEE CD9B 4808 F608 FBBF  DC21 2807 D7D3 09CA 85BF



More information about the bind-users mailing list