In article , "blrmaani"
wrote:

> I have a cache-only server [ DNSHOST2 in the picture below ]
>
> DNSHOST1 ( authoritative DNS server for zone myzone1.com )
> |
> |
> DNSHOST2 ( cache only DNS server )
> |
> |
> CLIENTHOST
>
>
> I executed nslookup on CLIENTHOST to lookup names and ip-addresses on
> DNSHOST2.
> The nslookup was executed in debug mode.
>
>
> The replies for names shows as non-authoritative whereas replies for IP
>
> address shows as authoritative. I was under the impression that all
> cached
> replies are always non-authoritative.

What version of BIND is DNSHOST2 running? In older versions, if the
answer isn't already in the server's cache, so it has to recurse, it
simply passes the response that it gets from the authoritative server on
to the client. Any flags in this response, including the AA flag, will
be sent to the client.

If you then perform the same query again, it should already have the
answer cached, so this time it should be non-authoritative.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***