Understanding Google Public DNS Responses

brian.e...@gmail.com

Sep 2, 2018, 10:36:40 AM
to public-dns-discuss
While debugging a recent DNS issue, my investigation took me to Google's Open DNS (https://dns.google.com/query?name=example.com&type=A&dnssec=true).  

I was unable to find any documentation about the two-letter response fields. What do TC, RD, RA, AD, and CD stand for or denote?

Result for example.com/A with DNSSEC validation:
{
  "Status": 0,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": true,
  "CD": false,
  "Question": [
    {
      "name": "example.com.",
      "type": 1
    }
  ],
  "Answer": [
    {
      "name": "example.com.",
      "type": 1,
      "TTL": 21599,
      "data": "123.45.67.89"
    }
  ],
  "Comment": "Response from 123.45.67.89."
}

Alex Dupuy

Sep 2, 2018, 11:02:31 AM
to public-dns-discuss
These are standard DNS request/response flags as defined in RFC 1035 section 4.1.1 and extended (with AD and CD) in RFC 2535 section 6.1 (the meaning of AD was updated in RFC 3655 and RFC 4035).

From https://developers.google.com/speed/public-dns/docs/dns-over-https

  "Status": 2,  // SERVFAIL - Standard DNS response code (32 bit integer).
  "TC": false,  // Whether the response is truncated
  "RD": true,   // Always true for Google Public DNS
  "RA": true,   // Always true for Google Public DNS
  "AD": false,  // Whether all response data was validated with DNSSEC
  "CD": false,  // Whether the client asked to disable DNSSEC


The RD (recursion desired) and RA (recursion available) flags aren't really relevant for DNS-over-HTTPS, but are included for completeness.

The comments above are not part of actual responses (JSON has no comment syntax in any case) but were added as explanatory text.

Do you think you would have noticed a separate section explaining these flags more readily than this example, which you didn't?

@alex
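
The flags discussed in this thread are single bits in the 16-bit flags word of the wire-format DNS header (RFC 1035 section 4.1.1, with AD and CD from the DNSSEC RFCs). The following is an added example, not part of either post and not Google's code, that decodes that word into the same fields the JSON API returns; the function names and the sample header bytes are constructed for illustration.

```python
import struct

# Bit masks for the 16-bit flags word in the DNS header (RFC 1035 section 4.1.1;
# AD and CD are the two bits added by the DNSSEC RFCs).
FLAG_BITS = {"TC": 0x0200, "RD": 0x0100, "RA": 0x0080, "AD": 0x0020, "CD": 0x0010}
RCODE_MASK = 0x000F


def decode_header(message: bytes) -> dict:
    """Return the JSON-style fields (Status, TC, RD, RA, AD, CD) from a wire message."""
    if len(message) < 12:
        raise ValueError("DNS header is 12 bytes; message is too short")
    _msg_id, flags = struct.unpack("!HH", message[:4])
    fields = {"Status": flags & RCODE_MASK}
    for name, mask in FLAG_BITS.items():
        fields[name] = bool(flags & mask)
    return fields


def dnssec_summary(fields: dict) -> str:
    """Summarise what the flags say about DNSSEC validation of this response."""
    if fields["CD"]:
        return "validation disabled by client (CD set)"
    if fields["Status"] == 0 and fields["AD"]:
        return "all response data validated (AD set)"
    if fields["Status"] == 0:
        return "answered, not validated (AD clear)"
    return "no usable answer (Status %d)" % fields["Status"]


def make_header(flags: int) -> bytes:
    """Build a constructed 12-byte header: ID 0x1234, given flags, all counts zero."""
    return struct.pack("!HHHHHH", 0x1234, flags, 0, 0, 0, 0)


# Constructed sample: QR=1, RD=1, RA=1, AD=1, RCODE=0 gives flags word 0x81A0,
# matching the flag values in the example.com response quoted in the question.
SAMPLE = make_header(0x81A0)

if __name__ == "__main__":
    decoded = decode_header(SAMPLE)
    print(decoded, "->", dnssec_summary(decoded))
```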