What the flags on DNS query responses mean
Responses from DNS servers come with various useful and informative flags. Since I just looked them up while figuring out just what was going on with a peculiar nameserver, I'm going to write it down for my future reference.
||Yes, this is really a DNS response that
||The server is authoritative for the domain.|
||You asked for recursive resolution of your query.|
||The server is willing to do recursive queries for you.|
||The response was truncated because it was too big to fit in a UDP packet.|
These come from RFC1035 section 4.1.1, which is worth reading in full (it's short).
Every nameserver for a domain should be an authoritative server for the
domain and so its responses about the domain should always have the
bit set. These days, seeing
ra from a domain's nameserver should make
you nervous, especially if the nameserver does not report itself as
authoritative (ie, doesn't set
(Real secondary servers for a domain are authoritative for the domain
and know it, even though they do not hold a permanent local copy of
the domain's DNS records. Informal secondaries, where you just list a
nameserver that will do recursive queries for the Internet as one of
your NS records, are not authoritative and will not set
aa on replies.
Yes, people really do that.)