Responses from a non-authoritative server with the AA flag set

svieth at wi.rr.com svieth at wi.rr.com
Fri Jul 22 04:03:55 UTC 2005


Hi:

I found numerous discussions in c.p.d.b that mention that BIND 8 would
return answers with the AA bit for zones that the BIND 8 server was not
authoritative for.  This happens the first time that the BIND 8 server
is asked to resolve a particular name.  After that, the result is
cached and BIND 8 returns answers without AA set for that particular
query because the answer is coming from the BIND 8 server's cache.

In BIND 9, it is said that answers always have the AA bit clear unless
that particular BIND 9 server is authoritative for the zone that the
query was asking about.

My question is this:  We have a case where a load balancer is returning
answers with the AA bit for a certain zone but the load balancer's
address is not listed in an NS record for that zone.

[Our PCs have the address of the load balancer set as their DNS
server.]

Will that cause a problem for any client resolvers?  The answer is
coming back with AA set but the answer is not coming directly from one
of the nameservers which are listed as authoritative for that zone.  As
I said above, this seemed to be acceptable behavior in BIND 8.

The load balancer is not doing any active resolution, it is only
passing port 53 traffic through to the DNS servers behind it.

Thanks in advance for any advice/help.

-Scott
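
The check this message describes, as an added example that is not part of the original post: decode the DNS header of a response, read the AA bit, and compare the address the response came from with the addresses behind the zone's NS records. The name, the addresses and both sample messages are constructed for illustration.

```python
import struct

QR, AA = 0x8000, 0x0400  # header flag masks from RFC 1035 section 4.1.1

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    ident, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": ident, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an}

def question_name(msg: bytes) -> str:
    """Read the first question name; assumes it is not compressed."""
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("question name runs past end of message")
        n = msg[pos]
        if n == 0:
            return ".".join(labels) + "."
        if n & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n

def classify(msg: bytes, responder: str, listed_ns: set) -> str:
    """Relate the AA bit to whether the responder is a listed nameserver."""
    hdr = parse_header(msg)
    if not hdr["qr"]:
        return "not a response"
    if not hdr["aa"]:
        return "AA clear"
    where = "in" if responder in listed_ns else "not in"
    return f"AA set, responder {where} NS set"

def build_response(flags: int) -> bytes:
    """Constructed sample: one A answer for www.example.com."""
    qname = b"".join(bytes([len(l)]) + l for l in b"www.example.com".split(b".")) + b"\x00"
    header = struct.pack("!6H", 0x1234, flags, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    return header + qname + struct.pack("!2H", 1, 1) + answer

# Constructed values (documentation address ranges), not from the post
LISTED_NS = {"198.51.100.1", "198.51.100.2"}   # addresses behind the zone's NS records
LOAD_BALANCER = "192.0.2.53"                   # address the clients are configured with
first_answer = build_response(0x8580)          # QR|AA|RD|RA
cached_answer = build_response(0x8180)         # QR|RD|RA, AA clear

if __name__ == "__main__":
    for label, msg in (("first", first_answer), ("cached", cached_answer)):
        print(label, question_name(msg), classify(msg, LOAD_BALANCER, LISTED_NS))
```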


