[dns-operations] sophosxl.net problem?
ietf-dane at dukhovni.org
Mon Nov 11 04:32:01 UTC 2019
> On Nov 10, 2019, at 8:30 PM, Matt Nordhoff <lists at mn0.us> wrote:
> For y'all's information, PowerDNS Recursor rejects non-AA responses.
> It used to accept them until, I believe, earlier this year.
> They're tracking broken zones in an issue:
Reading that issue it seems that the servers in question return
cached non-authoritative data even when the request has RD=0,
provided some recent RD=1 query brings the data into the cache.
In which case the issue is not *failing* to set AA=1, but rather
a server that is authoritative for some domains and recursive for
others allowing non-authoritative cached data to leak into RD=0
How common are such servers? Is their behaviour incorrect?
More information about the dns-operations