John KristoffOct 29

#DNS trivia, especially for those have ever used the "It was DNS" meme. What is wrong with this (real) dig response and what is the likely cause? AI probably won't help you.

dig @1.1.1.1 foobar.gov +norecurse +nocmd +noquestion +noauthority +nostats
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1808
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
Show threadTony FinchOct 30

@jtk hmm, rd=0 in the query ought to be echoed in the response, which is hinky

the lack of cookie and dnssec records suggest that you’re talking to a middlebox not to 1.1.1.1

Show threadPetr Menšík 
@fanf @jtk +dnssec was not used, lack of signatures is ok. But you are right, Rd bit should not be there. What would +nsid ch txt version.bind response look like?
Oct 30 at 6:19amWeb