How do BIND caching servers handle received responses with no aa flag?

We're running BIND 9.9.6-P1 and I received a report of a query that our server sometimes answered as expected and sometimes didn't. The offending name is not one we are authoritative for. I checked the offending name and found that just one of its nameservers answered badly: with an empty answer section, a "NOERROR" status and no "aa" flag set.

I know to contact the other site and report this, but I'm wondering what bind tries to do. Assuming the above was the situation when the reported symptoms occurred, I would have guessed bind would act on the lack of an "aa" flag and either answer the original query with SERVFAIL or immediately retry with a different server, and issues to the end user would be pretty rare.

FYI, the query was for MX records for convergepay.com and their nameserver atl-embr-mdf1-lbtrans-7000-dl.elavon.net was listed among the authoritative NS records but answered an MX query as described. I tested both with and without requesting recursion. In fact, every name and record type I asked it got a response of "NOERROR", no answer section, and no "aa" flag.

John Wobus
Cornell IT
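
An added example, not part of the original post and not BIND's resolver code: a Python check that parses a raw DNS response and flags the shape described above (NOERROR, empty answer section, no aa flag) when it comes from a server listed in the zone's NS set. The labels "lame" and "referral", the referral test (an NS record in the authority section) and the sample messages built on example.com are assumptions constructed for illustration.

```python
import struct

AA = 0x0400   # Authoritative Answer bit in the header flags word (RFC 1035)
TYPE_NS = 2

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n

def classify(msg):
    """Label a response from a server that the parent lists as an NS."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                    # question: name, QTYPE, QCLASS
        off = skip_name(msg, off) + 4
    auth_types = []
    for i in range(an + ns):               # answer RRs, then authority RRs
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if i >= an:
            auth_types.append(rtype)
    if flags & AA:
        return "authoritative"
    if (flags & 0x000F) == 0 and an == 0:  # NOERROR, empty answer, no aa
        return "referral" if TYPE_NS in auth_types else "lame"
    return "other"

# Constructed sample messages (not captured traffic).
def question(name, qtype):
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return labels + b"\x00" + struct.pack("!HH", qtype, 1)

Q = question("example.com", 15)            # MX, class IN
LAME = struct.pack("!6H", 1, 0x8000, 1, 0, 0, 0) + Q
AUTH = struct.pack("!6H", 1, 0x8400, 1, 0, 0, 0) + Q
NS_RR = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_NS, 1, 3600, 6) + b"\x03ns1\xc0\x0c"
REFERRAL = struct.pack("!6H", 1, 0x8000, 1, 0, 1, 0) + Q + NS_RR

if __name__ == "__main__":
    for label, m in (("lame", LAME), ("auth", AUTH), ("referral", REFERRAL)):
        print(label, "->", classify(m))
```

Running this against each server in a zone's NS set, one at a time with recursion not requested, shows which delegated server is the one producing the intermittent failures.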