PowerDNS Auth. server does not set RA bit even if recursion is available. #167

Closed
Habbie opened this Issue Apr 26, 2013 · 1 comment

Projects

None yet

1 participant

@Habbie
Member
Habbie commented Apr 26, 2013

The PowerDNS Auth. server does not set RA bit even if recursion is
available. Up until now this hasn't been a problem, but now it seems
that some OSs are shipping with resolver libraries that do care and
will discard replies if the RA bit is not set.

For example see the release notes from the latest Bind:
http://www.isc.org/index.pl?/sw/bind/view/?release=9.4.1-P1

"dig now warns if 'RA' is not set in the answer when 'RD' was set in
the query. host/nslookup skip servers that fail to set 'RA' when 'RD'
is set unless a server is explicitly set."

I have a customer who sees just this on Fedora Core 7.

We run the PowerDNS Auth. server with the PowerDNS Recursor and if you
ask our name servers a recursive query they will come back with the RA
bit set, but if you ask a question that does not need recursion then
the RA bit is not set.

[augie@augnix ~]$ dig sonic.net | grep flags
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
[augie@augnix ~]$ dig powerdns.com | grep flags
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

The problem is that these newer resolver libraries expect the name
servers listed in /etc/resolv.conf to be recursive servers, so if they
ask a question they expect to see the RA bit set even if the AA bit is
set.

Also (and I hate to use this) it seems to be against the RFC to not
set the RA when recursion is available -
http://www.faqs.org/rfcs/rfc1035.html

"RA Recursion Available - this be is set or cleared in a
response, and denotes whether recursive query support is
available in the name server."

@Habbie Habbie was assigned Apr 26, 2013
@Habbie Habbie closed this Apr 26, 2013
@Habbie
Member
Habbie commented Apr 26, 2013

Author: ahu
fixed in commit 1099

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment