[dns-operations] TC=1 with RA=0 from a recursive resolver

bert hubert bert.hubert at powerdns.com
Sat Mar 19 11:38:06 UTC 2016


On Fri, Mar 18, 2016 at 06:32:21PM -0400, Matthew Pounsett wrote:
> Other than with the relatively new exception of RRL, doesn’t setting TC=1
> pretty much require you to already know what you’re going to answer?  It
> seems to me that any server configured to answer recursively should be
> responding with RA=1, regardless of whether it is giving the complete
> answer over UDP, or sending the client to TCP.

I specifically refer to frontends that protect backend servers, so for
example dnsdist, or F5 devices.  dnsdist can set TC=1 for ANY queries for
example, without consulting the backend. Or it could do so based on query
rate.

So these answers are not *actually* truncated, they are meant to force the
requestor to retry over TCP/IP.

	Bert
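
The frontend behaviour described in this message, as an added sketch that is not part of the original post and is not dnsdist or F5 code: a TC=1 reply built from the query alone, with RA left as a parameter because that bit is what the thread is about. The function names and the sample query are constructed for illustration.

```python
import struct

# DNS header flag bits (RFC 1035 section 4.1.1)
QR, TC, RD, RA = 0x8000, 0x0200, 0x0100, 0x0080
OPCODE_MASK = 0x7800

def question_end(msg: bytes) -> int:
    """Offset just past the first question (QNAME + QTYPE + QCLASS)."""
    pos = 12
    while pos < len(msg) and msg[pos] != 0:
        if msg[pos] & 0xC0:
            raise ValueError("compression pointer in question name")
        pos += 1 + msg[pos]
    end = pos + 1 + 4
    if end > len(msg):
        raise ValueError("question runs past end of message")
    return end

def forced_tc_reply(query: bytes, set_ra: bool) -> bytes:
    """Build a TC=1 reply from the query alone, without asking a backend."""
    if len(query) < 12:
        raise ValueError("short header")
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & QR or qdcount != 1:
        raise ValueError("expected a query with exactly one question")
    out = QR | TC | (flags & OPCODE_MASK) | (flags & RD)
    if set_ra:
        out |= RA
    # Echo ID and question; ANCOUNT, NSCOUNT, ARCOUNT are all zero.
    header = struct.pack("!HHHHHH", qid, out, 1, 0, 0, 0)
    return header + query[12:question_end(query)]

def describe(reply: bytes) -> dict:
    """Decode the header fields that matter for the TC/RA discussion."""
    qid, flags, _, ancount = struct.unpack("!HHHH", reply[:8])
    return {"id": qid, "tc": bool(flags & TC), "ra": bool(flags & RA),
            "rd": bool(flags & RD), "answers": ancount}

# Constructed sample: query for example.com, QTYPE ANY (255), class IN, RD=1.
SAMPLE_QUERY = (struct.pack("!HHHHHH", 0x1A2B, RD, 1, 0, 0, 0)
                + b"\x07example\x03com\x00" + struct.pack("!HH", 255, 1))

if __name__ == "__main__":
    for ra in (False, True):
        print(describe(forced_tc_reply(SAMPLE_QUERY, ra)))
```
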




