[dns-operations] NS records in Authority for NOERROR responses

Peter van Dijk peter.van.dijk at powerdns.com
Thu Sep 3 17:42:45 UTC 2015

Hello Jan,

On 3 Sep 2015, at 14:13, Jan Včelák wrote:

> In Knot DNS 2.0.1, we have decided to remove NS records from the
> Authority section for NOERROR responses. The reason why we were adding
> these records into the responses was to be consistent with BIND and 
> NSD.

> Is this really a valid use? Is it used in the wild? And does anyone 
> rely
> on this functionality?

PowerDNS Auth has never* added the auth NSset to negative (or even 
positive!) responses. I am not aware of any reports of trouble.

*) as far as I know which is at least since 5 years

On a sidetone, I don’t see an AUTHORITY section in `dig +norec mx 
www.isc.org @ord.sns-pb.isc.org` either, suggesting BIND may also have 
stopped doing it on nodata and nxdomain?

Kind regards,
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

More information about the dns-operations mailing list