[dns-operations] dig 9.8.5-P1 not seeing 'aa' flag set from authoritative nameservers?
Mark E. Jeftovic
markjr at easydns.com
Fri Jul 25 12:22:26 UTC 2014
Casey Deccio wrote:
> On Fri, Jul 25, 2014 at 1:32 AM, Mark E. Jeftovic <markjr at easydns.com
> <mailto:markjr at easydns.com>> wrote:
>
> Note that there is no 'aa' flag set. I've been checking everybody's
> nameservers, they are all not doing it.
>
>
> Do you mean name servers authoritative for other DNS zones have/had the
> same issue (no AA bit) from the perspective of your client?
>
Yes.
> Is/was your affected client behind a transparent DNS proxy perhaps?
>
As I was drifting off to sleep I realized that had to be it. I'm on
"vaction" at the moment and I noticed this as I was connected on the
hotel's WIFI.
The part when it "went away", I realize, was right after I re-connected
to my office VPN.
> It wasn't clear from your post since you didn't include the actual
> answers, but were the answers and TTLs what you would expect from the
> authoritative server?
>
> But all my other dig's on other boxes are working fine
>
>
> Were the other clients you tested from on the same subnet?
>
No, in fact as I noticed, when I connected to my VPN I got my normal
behaviour.
So there has to be a DNS proxy here at the hotel (although I would
expect them to be trapping and monetizing NXDOMAIN traffic if that was
the case but they aren't)
A little earlier in the night perhaps, and I would have figured it out
sooner.
- mark
> Casey
--
Mark E. Jeftovic <markjr at easydns.com>
Founder & CEO, easyDNS Technologies Inc.
+1-(416)-535-8672 ext 225
Read my blog: http://markable.com
More information about the dns-operations
mailing list