Clarification on bind response

Kevin Darcy kcd at chrysler.com
Tue Aug 24 16:37:42 UTC 2010 

On 8/24/2010 8:18 AM, rams wrote:
>
> Hi
> When we have data as follows queried domain 
> "maint.rameshops5526old.com <http://maint.rameshops5526old.com/>." 
> against bind and my own resolver. Bind and my resolver response are 
> same but only mismatching with flags. bind is returning AA flag but my 
> resolver is not returning AA flag. in this case wihcih is correct bind 
> or my resolver?
> Zone: rameshops5526old.com <http://rameshops5526old.com/>
>
> maint.rameshops5526old.com <http://maint.rameshops5526old.com/>. 300 
> IN      CNAME
> maint.global.rameshops5526old.com 
> <http://maint.global.rameshops5526old.com/>.
> rameshops5526old.com <http://rameshops5526old.com/>.   21600   IN     
>  NS dns5.rameshops5526old.com <http://dns5.rameshops5526old.com/>.
> rameshops5526old.com <http://rameshops5526old.com/>.   21600   IN     
>  NS dns2.rameshops5526old.com <http://dns2.rameshops5526old.com/>.
> rameshops5526old.com <http://rameshops5526old.com/>.   21600   IN     
>  NS dns1.rameshops5526old.com <http://dns1.rameshops5526old.com/>.
> rameshops5526old.com <http://rameshops5526old.com/>.   21600   IN     
>  NS dns6.rameshops5526old.com <http://dns6.rameshops5526old.com/>.
> rameshops5526old.com <http://rameshops5526old.com/>.   21600   IN     
>  NS dns4.rameshops5526old.com <http://dns4.rameshops5526old.com/>.
> rameshops5526old.com <http://rameshops5526old.com/>.   21600   IN     
>  NS dns3.rameshops5526old.com <http://dns3.rameshops5526old.com/>.
> global.rameshops5526old.com <http://global.rameshops5526old.com/>. 300 
> IN     NS j.ns.nsatc.net <http://j.ns.nsatc.net/>.
> global.rameshops5526old.com <http://global.rameshops5526old.com/>. 300 
> IN     NS a.ns.nsatc.net <http://a.ns.nsatc.net/>.
> global.rameshops5526old.com <http://global.rameshops5526old.com/>. 300 
> IN     NS l.ns.nsatc.net <http://l.ns.nsatc.net/>.
> global.rameshops5526old.com <http://global.rameshops5526old.com/>. 300 
> IN     NS d.ns.nsatc.net <http://d.ns.nsatc.net/>.
> global.rameshops5526old.com <http://global.rameshops5526old.com/>. 300 
> IN     NS b.ns.nsatc.net <http://b.ns.nsatc.net/>.
> global.rameshops5526old.com <http://global.rameshops5526old.com/>. 300 
> IN     NS e.ns.nsatc.net <http://e.ns.nsatc.net/>.
> global.rameshops5526old.com <http://global.rameshops5526old.com/>. 300 
> IN     NS c.ns.nsatc.net <http://c.ns.nsatc.net/>.
>
>
AA is set on BIND's response because the CNAME is coming directly from 
authoritative data.

AA is not set on your resolver's response because the answer *isn't* 
coming directly from authoritative data.

Why is this an issue? A stub resolver or an application generally 
doesn't -- and shouldn't -- care -- or usually doesn't even *know* -- 
about the setting of the AA flag.

                                                                         
                                                             - Kevin



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100824/b1f7c276/attachment.html>

More information about the bind-users mailing list