Hey folks.
Does anyone happen to know why Cloudflare DNS isn’t setting the authoritative flag for its responses? Here’s one example:
dig +norec -t A hz.gl @karina.ns.cloudflare.com
; <<>> DiG 9.10.6 <<>> +norec -t A hz.gl @karina.ns.cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4474
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;hz.gl. IN A
;; ANSWER SECTION:
hz.gl. 300 IN A 172.67.218.35
hz.gl. 300 IN A 104.21.24.92
;; Query time: 55 msec
;; SERVER: 2606:4700:50::adf5:3ab2#53(2606:4700:50::adf5:3ab2)
;; WHEN: Tue Nov 14 10:48:20 GMT 2023
;; MSG SIZE rcvd: 66
In contrast, AWS Route53 sets the authoritative flag:
⋊> ~ dig +norec -t A howard.gg @ns-932.awsdns-52.net
; <<>> DiG 9.10.6 <<>> +norec -t A howard.gg @ns-932.awsdns-52.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49749
;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;howard.gg. IN A
;; ANSWER SECTION:
howard.gg. 300 IN A 193.123.60.208
howard.gg. 300 IN A 141.148.246.116
howard.gg. 300 IN A 158.178.146.144
howard.gg. 300 IN A 144.21.43.178
;; AUTHORITY SECTION:
howard.gg. 172800 IN NS ns-1184.awsdns-20.org.
howard.gg. 172800 IN NS ns-1787.awsdns-31.co.uk.
howard.gg. 172800 IN NS ns-258.awsdns-32.com.
howard.gg. 172800 IN NS ns-932.awsdns-52.net.
;; Query time: 41 msec
;; SERVER: 2600:9000:5303:a400::1#53(2600:9000:5303:a400::1)
;; WHEN: Tue Nov 14 10:48:24 GMT 2023
;; MSG SIZE rcvd: 242
Thanks!
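For reference when reading output like the above: the `flags:` line that dig prints is decoded from the 16-bit flags field of the DNS header, and `+norec` clears the RD bit in the query. The sketch below is an added example, not part of the original post. Its function names are hypothetical, and its sample headers are constructed from the id, flags and section counts shown in the two dig outputs.

```python
import struct

# Bit masks in the 16-bit flags field, header bytes 2-3 (RFC 1035 4.1.1; AD/CD per RFC 4035).
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200), ("rd", 0x0100),
             ("ra", 0x0080), ("ad", 0x0020), ("cd", 0x0010)]
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid, recurse=False, qtype=1):
    """Build a minimal IN query; recurse=False leaves RD clear, like dig +norec."""
    header = struct.pack("!6H", qid, 0x0100 if recurse else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header into the fields dig summarises."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    qid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": qid,
        "opcode": (flags >> 11) & 0xF,
        "status": RCODES.get(flags & 0xF, str(flags & 0xF)),
        "flags": [name for name, bit in FLAG_BITS if flags & bit],
        "counts": (qd, an, ns, ar),  # QUERY, ANSWER, AUTHORITY, ADDITIONAL
    }

def is_authoritative(msg):
    """True only for a response (QR set) that also carries the AA bit."""
    flags = parse_header(msg)["flags"]
    return "qr" in flags and "aa" in flags

# Constructed headers (not captured packets), built from the values dig printed above.
SAMPLE_FIRST = struct.pack("!6H", 4474, 0x8400, 1, 2, 0, 1)    # id 4474, counts 1/2/0/1
SAMPLE_SECOND = struct.pack("!6H", 49749, 0x8400, 1, 4, 4, 1)  # id 49749, counts 1/4/4/1
# Constructed contrast case: a typical recursive-resolver answer (qr rd ra, no aa).
SAMPLE_RESOLVER = struct.pack("!6H", 1, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    for label, msg in [("first", SAMPLE_FIRST), ("second", SAMPLE_SECOND),
                       ("resolver", SAMPLE_RESOLVER)]:
        h = parse_header(msg)
        print(label, h["status"], "flags:", " ".join(h["flags"]),
              "authoritative:", is_authoritative(msg))
```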