[dns-operations] sophosxl.net problem?
Viktor Dukhovni
ietf-dane at dukhovni.org
Mon Nov 11 04:32:01 UTC 2019
> On Nov 10, 2019, at 8:30 PM, Matt Nordhoff <lists at mn0.us> wrote:
>
> For y'all's information, PowerDNS Recursor rejects non-AA responses.
> It used to accept them until, I believe, earlier this year.
>
> They're tracking broken zones in an issue:
>
> <https://github.com/PowerDNS/pdns/issues/8150>
Reading that issue it seems that the servers in question return
cached non-authoritative data even when the request has RD=0,
provided some recent RD=1 query brings the data into the cache.
In which case the issue is not *failing* to set AA=1, but rather
a server that is authoritative for some domains and recursive for
others allowing non-authoritative cached data to leak into RD=0
replies.
How common are such servers? Is their behaviour incorrect?
--
Viktor.
More information about the dns-operations
mailing list