The PowerDNS Auth. server does not set the RA bit even if recursion is
available. Up until now this hasn't been a problem, but now it seems
that some OSs are shipping with resolver libraries that do care and
will discard replies if the RA bit is not set.
For example, see the release notes from the latest BIND:
"dig now warns if 'RA' is not set in the answer when 'RD' was set in
the query. host/nslookup skip servers that fail to set 'RA' when 'RD'
is set unless a server is explicitly set."
I have a customer who sees just this on Fedora Core 7.
We run the PowerDNS Auth. server with the PowerDNS Recursor and if you
ask our name servers a recursive query they will come back with the RA
bit set, but if you ask a question that does not need recursion then
the RA bit is not set.
[augie@augnix ~]$ dig sonic.net | grep flags
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
[augie@augnix ~]$ dig powerdns.com | grep flags
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
The problem is that these newer resolver libraries expect the name
servers listed in /etc/resolv.conf to be recursive servers, so if they
ask a question they expect to see the RA bit set even if the AA bit is
Also (and I hate to use this) it seems to be against the RFC to not
set the RA when recursion is available -
"RA Recursion Available - this be is set or cleared in a
response, and denotes whether recursive query support is
available in the name server."
fixed in commit 1099
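
The flag check described in the report, as an added example that is not part of the original report and is not PowerDNS or BIND code. The acceptance rule is a simplified model of the behaviour quoted from the BIND release notes, the function names are hypothetical, and the headers are constructed samples rather than captured traffic.

```python
import struct

# Flag bits in the 16-bit flags word of the DNS header (RFC 1035, section 4.1.1),
# listed in the order dig prints them.
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080)]

def parse_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte DNS header."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    return {"id": ident,
            "flags": [name for name, bit in FLAG_BITS if flags & bit],
            "opcode": (flags >> 11) & 0xF, "rcode": flags & 0xF,
            "counts": (qd, an, ns, ar)}

def flags_line(hdr: dict) -> str:
    """Render the header the way dig prints its flags line."""
    qd, an, ns, ar = hdr["counts"]
    return (";; flags: %s; QUERY: %d, ANSWER: %d, AUTHORITY: %d, ADDITIONAL: %d"
            % (" ".join(hdr["flags"]), qd, an, ns, ar))

def stub_accepts(query: bytes, response: bytes) -> bool:
    """Simplified model (assumption): RD in the query requires RA in the reply."""
    q, r = parse_header(query), parse_header(response)
    if r["id"] != q["id"] or "qr" not in r["flags"]:
        return False  # not a response to this query
    return not ("rd" in q["flags"] and "ra" not in r["flags"])

# Constructed sample headers (ID 0x1a2b), header only, no question/answer body.
QUERY = struct.pack("!6H", 0x1a2b, 0x0100, 1, 0, 0, 0)           # rd
AUTH_REPLY = struct.pack("!6H", 0x1a2b, 0x8500, 1, 1, 0, 0)      # qr aa rd
RECURSED_REPLY = struct.pack("!6H", 0x1a2b, 0x8180, 1, 1, 0, 0)  # qr rd ra
AUTH_REPLY_WITH_RA = struct.pack("!6H", 0x1a2b, 0x8580, 1, 1, 0, 0)  # qr aa rd ra

if __name__ == "__main__":
    for name, pkt in (("authoritative", AUTH_REPLY),
                      ("recursed", RECURSED_REPLY),
                      ("authoritative+RA", AUTH_REPLY_WITH_RA)):
        print(name, flags_line(parse_header(pkt)),
              "accepted:", stub_accepts(QUERY, pkt))
```
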