[dns-operations] Bind 9.8.0 intermittent problem with non-recursive responses

Matthew Pounsett matt at conundrum.com
Fri May 20 04:49:29 UTC 2011

On 2011-05-20, at 00:35, Carlos Vicente wrote:

> That's news to me.  What's the failure mode? Does the server return SERVFAIL, or does it not set the AD flag, or...?

It's another undefined condition in the RFCs, and so the outcome is implementation specific.  I believe in the case of BIND the authoritative algorithm wins out, and so you get RRSIGs and no AD flag.  I haven't tested this one out personally, but I vaguely recall the problem coming up on one of the DNS operations lists several months ago, so someone else may have a more detailed answer.

More information about the bind-users mailing list