[dns-operations] dig 9.8.5-P1 not seeing 'aa' flag set from authoritative nameservers?

Mark E. Jeftovic markjr at easydns.com
Fri Jul 25 12:22:26 UTC 2014

Casey Deccio wrote:
> On Fri, Jul 25, 2014 at 1:32 AM, Mark E. Jeftovic <markjr at easydns.com
> <mailto:markjr at easydns.com>> wrote:
>     Note that there is no 'aa' flag set. I've been checking everybody's
>     nameservers, they are all not doing it.
> Do you mean name servers authoritative for other DNS zones have/had the
> same issue (no AA bit) from the perspective of your client?


> Is/was your affected client behind a transparent DNS proxy perhaps?

As I was drifting off to sleep I realized that had to be it. I'm on
"vaction" at the moment and I noticed this as I was connected on the
hotel's WIFI.

The part when it "went away", I realize, was right after I re-connected
to my office VPN.

> It wasn't clear from your post since you didn't include the actual
> answers, but were the answers and TTLs what you would expect from the
> authoritative server?
>     But all my other dig's on other boxes are working fine
> Were the other clients you tested from on the same subnet?

No, in fact as I noticed, when I connected to my VPN I got my normal

So there has to be a DNS proxy here at the hotel (although I would
expect them to be trapping and monetizing NXDOMAIN traffic if that was
the case but they aren't)

A little earlier in the night perhaps, and I would have figured it out

- mark

> Casey

Mark E. Jeftovic <markjr at easydns.com>
Founder & CEO, easyDNS Technologies Inc.
+1-(416)-535-8672 ext 225
Read my blog: http://markable.com

More information about the dns-operations mailing list