[dns-operations] sophosxl.net problem?

Viktor Dukhovni ietf-dane at dukhovni.org
Mon Nov 11 04:32:01 UTC 2019


> On Nov 10, 2019, at 8:30 PM, Matt Nordhoff <lists at mn0.us> wrote:
> 
> For y'all's information, PowerDNS Recursor rejects non-AA responses.
> It used to accept them until, I believe, earlier this year.
> 
> They're tracking broken zones in an issue:
> 
> <https://github.com/PowerDNS/pdns/issues/8150>

Reading that issue it seems that the servers in question return
cached non-authoritative data even when the request has RD=0,
provided some recent RD=1 query brings the data into the cache.

In which case the issue is not *failing* to set AA=1, but rather
a server that is authoritative for some domains and recursive for
others allowing non-authoritative cached data to leak into RD=0
replies.

How common are such servers?  Is their behaviour incorrect?

-- 
	Viktor.



