From b936fdde139a2ec6fdac8c211e210fee9981839f Mon Sep 17 00:00:00 2001 From: Stefan Schmidt <203977+ZaphodB@users.noreply.github.com> Date: Fri, 31 May 2024 14:22:32 +0200 Subject: [PATCH] Update pdns/recursordist/docs/appendices/FAQ.rst Co-authored-by: Otto Moerbeek --- pdns/recursordist/docs/appendices/FAQ.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pdns/recursordist/docs/appendices/FAQ.rst b/pdns/recursordist/docs/appendices/FAQ.rst index 2d545f466d..58ae7b6185 100644 --- a/pdns/recursordist/docs/appendices/FAQ.rst +++ b/pdns/recursordist/docs/appendices/FAQ.rst @@ -87,6 +87,6 @@ For example, in the default setup the root name servers are called ``[a-m].root- This is needed to correctly determine zone cuts to be able to decide if the ``.root-servers.net`` domain is DNSSEC protected. Newer versions solve this by querying the needed information top-down. Starting with version 5.0.0, enabling :ref:`allow-no-rd` allows for queries without the recursion desired bit to be answered from cache. -Older versions of the ``dig`` program provided by ISC do not set the RD bit causing it to sometimes fail to perform a ``+trace`` when asking a freshly restarted :program:`Recursor` despite the :ref:`allow-no-rd` option being set. +Older versions of the ``dig`` program provided by ISC do not set the RD bit on the initial ``+trace`` query causing it to sometimes fail to perform a ``+trace`` when asking a freshly restarted :program:`Recursor` despite the :ref:`allow-no-rd` option being set. This is because there is a short while after restarting that the cache has no authoritative data on the root, so it will answer with an NODATA (NOERROR and no answer records) in that period for RD=0 queries asking for the root name servers. For ``dig`` this has been fixed in `BIND 9.15.1 ` by setting the RD bit. \ No newline at end of file -- 2.47.2