TLDR - seeking a quick-n-dirty way to set/keep the AA flag in the pdns-recursor response when recursing locally from forward-zones-file.
For the time being, since there are thousands of users, we continue to use PowerDNS for recursion and for Authoritative DNS on the same server. We have pdns-recursor listening on port 53, but if the domain is in the forward-zones-file it forwards locally to port 5300 where PowerDNS responds authoritatively. This works fine, but since it is technically recursing I guess it is not setting the AA flag. Per some RFC this is bad since an authoritative server shouldn't be recursing and so some services (Barracuda Networks and mxtoolbox) will catch this and flag it accordingly as "lame" DNS. This is not a problem for millions of emails, but for clients that use Barracuda Networks for SMTP and security, they are not being allowed to send email to pldi.net.

# dig +all @localhost -p 53 pldi.net ns
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20834
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

# dig +all @localhost -p 5300 pldi.net mx
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63458
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

Is there a configuration option or even a script I could put in place to force the aa flag in the pdns-recursor response when in the forward-zones-file?

--
*Mike Steele*
*System Integrator*
*Broadband Services*
*Pioneer Telephone Coop.*
PO Box 539 » Kingfisher, OK 73750
o: 405.375.0542
mike.ste...@pldtechs.net
ptci.com <http://www.ptci.com/> | WirelessPioneer.com <http://www.wirelesspioneer.com/>
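An added example, not part of the original post: it decodes the 12-byte DNS header (RFC 1035, section 4.1.1) for the two replies shown by dig above, to make visible which flag bits differ between port 53 and port 5300. The header bytes are constructed from the values dig printed, and the function names and `classify` labels are assumptions made for illustration, not the logic of any particular checking service.

```python
import struct

# Flag bit masks inside the 16-bit flags word of the DNS header (RFC 1035 4.1.1).
FLAG_BITS = {"qr": 0x8000, "aa": 0x0400, "tc": 0x0200, "rd": 0x0100, "ra": 0x0080}


def build_header(ident, flag_names, counts):
    """Pack a DNS header from an id, flag names and (QD, AN, NS, AR) counts."""
    flags = 0
    for name in flag_names:
        flags |= FLAG_BITS[name]
    return struct.pack("!6H", ident, flags, *counts)


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte header at the start of a DNS message."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes; message is truncated")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "flags": [n for n, bit in FLAG_BITS.items() if flags & bit],
        "opcode": (flags >> 11) & 0xF,
        "rcode": flags & 0xF,
        "counts": (qd, an, ns, ar),
    }


def classify(hdr: dict) -> str:
    """Hypothetical labels for how a delegation check could read a reply."""
    flags = set(hdr["flags"])
    if "qr" not in flags:
        return "not-a-response"
    if hdr["rcode"] != 0:
        return "error"
    if "aa" in flags:
        return "authoritative"
    if "ra" in flags:
        return "recursive-non-authoritative"
    return "non-authoritative"


# Constructed headers mirroring the two dig outputs in the post.
PORT_53 = build_header(20834, ["qr", "rd", "ra"], (1, 2, 0, 1))    # recursor
PORT_5300 = build_header(63458, ["qr", "aa", "rd"], (1, 4, 0, 1))  # auth server

if __name__ == "__main__":
    for label, raw in (("port 53", PORT_53), ("port 5300", PORT_5300)):
        hdr = parse_header(raw)
        print(label, hdr["flags"], classify(hdr))
```
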