Hi Viktor, > > Go implements its own resolver rather than use the local libc's, > > e.g. glibc's. All of them are stub resolvers, yes, but if asked to > > look up foo.bar.local and /etc/resolv.conf has only the > > authoritative bar.local server in it then they get an authoritative > > response without a third-party recursive resolver being involved. > > [ Perhaps ietf@xxxxxxxx is the wrong list for this discussion. ] Agreed, it was pointed out to me off list that dnsop@xxxxxxxx would be better. I'm happy for it to move, and suggest replies drop the ietf list from the CC. For cross-reference, the conversation on ietf starts https://mailarchive.ietf.org/arch/search/?email_list=ietf&gbt=1&index=wdopuAP2ddLlQcdtX-iAWdUULZ8 > Best practice is to not conflate authoritative and recursive DNS > servers. If you put an authoritative rather than a recursive resolver > in /etc/resolv.conf, that's a misconfiguration. OK. > I have a recursive resolver on 127.0.0.1:53 and an authoritative > nameserver on <public-ip>:53. The /etc/resolv.conf file lists only > the recursive server on the loopback address. The authoritative > server refuses recursive queries. That still leaves open the question of whether the stub resolvers can assume, as many have apparently been doing for years, that they will be given CNAME before A. Cheers, Ralph.