authoritative return CD?

Jeremy C. Reed
Sat Oct 19 21:46:14 UTC 2019

On Thu, 3 Oct 2019, Evan Hunt wrote:

> On Thu, Oct 03, 2019 at 08:25:44AM -0500, reed at wrote:
> > Why does named authoritative return CD in response when CD in query?
> At a guess, because it does so for recursive responses and no one ever
> thought to special-case authoritative responses.
> That code was added along with all the rest of the DNSSEC-bis work
> in BIND 9.3.0 in 2004, and I haven't found any documentation of that
> particular design decision; I suspect it was just an oversight.
> Do you know of any interoperational problems this causes?

No, I don't know of any problems from this.

> > I didn't confirm, but I think this is related to 
> > DNS_MESSAGE_REPLYPRESERVE and 4534.  [bug] Only set RD, RA and CD in 
> > QUERY responses. [RT #43879]
> Yes and no, respectively. The CD bit was copied before change #4534; the
> difference was that it was copied in all responses, not just QUERY
> responses. The specific misbehavior with authoritative responses
> wasn't introduced then.


Since BIND is a reference implementation, do you want me to open a bug?

