Ticket #167 (closed defect: fixed)
PowerDNS Auth. server does not set RA bit even if recursion is available.
| Reported by: | anon | Owned by: | somebody |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | component1 | Version: | |
| Severity: | normal | Keywords: | |
| Cc: | augie.schwer@… |
Description
The PowerDNS Auth. server does not set RA bit even if recursion is available. Up until now this hasn't been a problem, but now it seems that some OSs are shipping with resolver libraries that do care and will discard replies if the RA bit is not set.
For example see the release notes from the latest Bind: http://www.isc.org/index.pl?/sw/bind/view/?release=9.4.1-P1
"dig now warns if 'RA' is not set in the answer when 'RD' was set in the query. host/nslookup skip servers that fail to set 'RA' when 'RD' is set unless a server is explicitly set."
I have a customer who sees just this on Fedora Core 7.
We run the PowerDNS Auth. server with the PowerDNS Recursor and if you ask our name servers a recursive query they will come back with the RA bit set, but if you ask a question that does not need recursion then the RA bit is not set.
```
[augie@augnix ~]$ dig sonic.net | grep flags
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
[augie@augnix ~]$ dig powerdns.com | grep flags
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
```
The problem is that these newer resolver libraries expect the name servers listed in /etc/resolv.conf to be recursive servers, so if they ask a question they expect to see the RA bit set even if the AA bit is set.
Also (and I hate to use this) it seems to be against the RFC to not set the RA when recursion is available - http://www.faqs.org/rfcs/rfc1035.html
"RA Recursion Available - this be is set or cleared in a response, and denotes whether recursive query support is available in the name server."
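Added example, not part of the original ticket or PowerDNS code: a small header decoder that reproduces the two `dig` flag lines above and applies the check the BIND release notes describe (RD set in the query, RA absent from the response). The packet bytes, the query ID and the helper names are constructed for illustration.

```python
import struct

# Bit masks in the 16-bit flags word of the DNS header (RFC 1035, section 4.1.1).
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080
FLAG_NAMES = [(QR, "qr"), (AA, "aa"), (TC, "tc"), (RD, "rd"), (RA, "ra")]


def parse_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte DNS header; reject truncated input."""
    if len(packet) < 12:
        raise ValueError("DNS header needs 12 bytes, got %d" % len(packet))
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    return {
        "id": ident,
        "flags": [name for mask, name in FLAG_NAMES if flags & mask],
        "counts": (qd, an, ns, ar),
    }


def flags_line(packet: bytes) -> str:
    """Render the header the way dig prints its ';; flags:' line."""
    h = parse_header(packet)
    return (";; flags: %s; QUERY: %d, ANSWER: %d, AUTHORITY: %d, ADDITIONAL: %d"
            % ((" ".join(h["flags"]),) + h["counts"]))


def missing_ra(query: bytes, response: bytes) -> bool:
    """True when the query asked for recursion (RD) but the response lacks RA."""
    q, r = parse_header(query), parse_header(response)
    if q["id"] != r["id"] or "qr" not in r["flags"]:
        raise ValueError("packet is not a response to this query")
    return "rd" in q["flags"] and "ra" not in r["flags"]


def make_header(ident: int, flags: int, qd: int = 1, an: int = 0) -> bytes:
    """Build a header-only packet (constructed sample data, no question section)."""
    return struct.pack("!6H", ident, flags, qd, an, 0, 0)


# Constructed packets mirroring the two dig outputs in the ticket.
QUERY = make_header(0x1A2B, RD)
AUTH_RESPONSE = make_header(0x1A2B, QR | AA | RD, an=1)      # sonic.net case
RECURSED_RESPONSE = make_header(0x1A2B, QR | RD | RA, an=1)  # powerdns.com case

if __name__ == "__main__":
    for label, resp in (("sonic.net", AUTH_RESPONSE), ("powerdns.com", RECURSED_RESPONSE)):
        print(label, flags_line(resp), "-> RA missing:", missing_ra(QUERY, resp))
```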