bert hubert wrote:

> Resolvers rarely if ever send out AA=1 answers. If you literally want to
> forward packets, dnsdist may be a better choice.
> Is the current behaviour causing you problems? If so can you tell us about
> those problems?

I can probably use dnsdist (I only just learned about it today), but given the 
description of the recursor's forward-zones option I assumed it was meant to 
"delegate" certain zones to authoritative servers, and I would've expected it 
to pass through the AA=1 bits coming back from such an authoritative server.

To explain what I'm trying to do: I want to serve a zone of dynamic A records 
referenced from SPF records with "exists:%{i}" mechanisms from a little custom 
DNS server, but I want to front this server with something that I trust to 
implement the DNS protocol robustly and securely. So I'll give dnsdist a try 
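As an added illustration (not code from this thread or from PowerDNS): the sketch below shows which query names an `exists:%{i}` mechanism generates for a connecting client, following the RFC 7208 expansion of the `i` macro, and how to read the AA bit from a response header to see whether a front end preserved it. The zone suffix `spf.example.org` and the two sample headers are constructed; the thread gives only the macro itself.

```python
import ipaddress
import struct


def expand_i(client_ip: str) -> str:
    """Expand the SPF %{i} macro (RFC 7208, section 7.3).

    IPv4 stays dotted-quad; IPv6 becomes 32 dot-separated nibbles.
    """
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        return str(ip)
    return ".".join(ip.exploded.replace(":", ""))


def exists_qname(client_ip: str, suffix: str) -> str:
    """Name an SPF checker queries (type A) for exists:%{i}.<suffix>.

    `suffix` is a hypothetical zone name, an assumption of this example.
    """
    return f"{expand_i(client_ip)}.{suffix.strip('.')}."


def header_flags(message: bytes) -> dict:
    """Decode the flag bits of a DNS message header (RFC 1035, section 4.1.1)."""
    if len(message) < 12:
        raise ValueError("DNS header is 12 bytes; message too short")
    _msg_id, flags = struct.unpack("!HH", message[:4])
    return {
        "qr": bool(flags & 0x8000),   # response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "rd": bool(flags & 0x0100),   # recursion desired
        "ra": bool(flags & 0x0080),   # recursion available
        "rcode": flags & 0x000F,
    }


# Constructed 12-byte headers: one as an authoritative server sets the flags
# (QR+AA), one as a resolver typically does (QR+RD+RA, AA clear).
AUTH_HEADER = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
RESOLVER_HEADER = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    for ip in ("192.0.2.1", "2001:db8::1"):
        print(exists_qname(ip, "spf.example.org"))
    print("authoritative:", header_flags(AUTH_HEADER))
    print("resolver:     ", header_flags(RESOLVER_HEADER))
```

The IPv6 case is the one a small custom server most easily gets wrong: each lookup name carries 32 single-nibble labels ahead of the zone suffix.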



