Question about DNS / bind9 / authoritative and NXDOMAIN vs NOERROR (NODATA)

pub.diemer29 at laposte.net pub.diemer29 at laposte.net
Wed Dec 13 16:29:02 UTC 2023 

 


‌
Dear Bind user,

 

I am a teacher and trying to understand how dns works. I am spending hours reading various sources without finding satisfying information. For teaching purposes I have created a virtual machine with isc dhcp server and bind9 and another virtual machine that uses the first one as ics dhcp and dns server.

 

I have disabled IPv6 by setting link-local: [] in netplan's setting.

 

The name of the network (dns zone) is "reseau1.lan". When I "dig -4 reseau1.lan" the AUTHORITY bit is set to 1. 

 

Why or when should the AUTHORITY bit set to 1 ? What does it take for nslookup to give me an authoritative answer ? 

 

If I "ping xxx.reseau1.lan" I get an NXDOMAIN answer. Why NXDOMAIN and not NOERROR (NODATA) ? The domain "reseau1.lan" exists and my dns server is authoritative for this zone (SOA record) but the computer "xxx" on this domain does not. Should I use a wildcard dns record ?

 

I have tryed to empty the list of forwarders and disable the dns cache ... should I configure a dns-resolver only for the domain reseau1.lan and then a dns forwared for external dns queries ? Or maybe configure the resolver for the lan network interface and the forwarder on the internet network interface on the dns server ?

 

I managed to get "AUTHORITY: 1" when typing "dig -4 soa reseau1.lan" by disabling the forwarders and the cache so I guess I should configure bind per network interface. But when typing "dig -4 pc1.reseau1.lan" the AUTHORITY bit is always set to 0.

 


͏‌ 




͏‌ 




Kind Regards,

Michel Diemer



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20231213/a11878f7/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 3944472000000002embeddedImage
Type: image/png
Size: 19746 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20231213/a11878f7/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 4119250999999996embeddedImage
Type: image/png
Size: 14489 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20231213/a11878f7/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 4303235embeddedImage
Type: image/png
Size: 44718 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20231213/a11878f7/attachment-0005.png>

More information about the bind-users mailing list