Question about authoritative server and AA Authoritative Answer

Mon Jan 15 15:24:49 UTC 2024

D‌ear Greg, 

Thank you for your reply.

Please find attached the markdown file  with all the commands and text from the terminal.

In /etc/resolv.conf I had "127.0.0.53" so I disabled the DNSStubListener from systemd-resolved. I have netplan and networkd.

Kind Regards,

Michel Diemer.

De : "Greg Choules"
A : pub.diemer29 at laposte.net,bind-users at lists.isc.org
Envoyé: dimanche 14 Janvier 2024 23:28
Objet : Re: Question about authoritative server and AA Authoritative Answer

Hi Michel.
Please can you send the following information:

- name and IP address of the authoritative server

- the full contents of the zone file for "reseau1.lan"

- name and IP address of the other server - what does this server do?

- What is the machine "pc1", on which you are running the digs?

- the file "/etc/resolv.conf" on "pc1"

Please also re-send the digs with full output.

When you send information, please send it as text, not screenshots.

Thanks, Greg

On Sun, 14 Jan 2024 at 22:04, Michel Diemer via bind-users <bind-users at lists.isc.org> wrote:

‌Ders bind users,

I have already asked a similar question which was more about DNS in general , this one is very specific about the AA bit.

Today's question is : « "dig pc1.reseau1.lan ns" show AUTHORITY: 1 and "dig pc1.reseau1.lan" shows AUTHORITY: 0. Which setting or knowledge am I missing ? If possible, how to get AA answers for QNAME queries ? »

I have set up two virtual machines on a virtual local network using Oracle VirtualBox. One machine is a DNS authoritative-only server. The zone is named "reseau1.lan" and defined only in bind9 zone files. If I really have to, I will name it "reseau1.home.arpa" according to RFC 8375. (I chose .lan inspired by RFC 6762 appendix G). The IP address of the DNS server is 172.16.0.254 and the IP address of pc1 is 172.16.0.21.

dig soa reseau1.lan : the AA bit is set, which is what I am looking for

͏‌ ͏‌ ͏‌ 

 dig pc1.reseau1.lan ns :  the AA bit is set

͏‌ ͏‌ ͏‌ ͏‌ 

dig pc1.reseau1.lan : the AA bit is not set. Why ? Which setting or knowledge am I missing ?

Below my "named.conf.options" file

͏‌ 

͏‌ ͏‌ ͏‌ ͏‌ 
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240115/c325d160/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 5400853000000119embeddedImage
Type: image/png
Size: 5348 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240115/c325d160/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 6206303000000119embeddedImage
Type: image/png
Size: 5427 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240115/c325d160/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 8504625embeddedImage
Type: image/png
Size: 8645 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240115/c325d160/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 13119901000000238embeddedImage
Type: image/png
Size: 6496 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240115/c325d160/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dns-authoritative-question.md
Type: application/octet-stream
Size: 5613 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240115/c325d160/attachment-0001.obj>