> On 16 Jan 2024, at 02:32, pub.dieme...@laposte.net wrote: > > > > Dear Mark, > > I am sorry but I don'y understand you reply. > > > RFC 1034, § 6.2.2 the AA bit is set. > I have a non-recursive authoritative server and the AA bit is not set. My > example is similar to RFC 1034. Why, on the RFC the AA bit is set but not on > my example ?
Because you were not querying the authoritative server, you where querying the recursive server in the screen shots. When you queried the authoritative server (see dns-authoritative-question.md) you got AA in the response. The answers from the recursive server: ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 vs the answers from the authoritative server: ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 > On my screenshots, where do you see negative answers ? The ones where the answer count was zero (look for "ANSWER: 0,”). > De : "Mark Andrews" > A : pub.dieme...@laposte.net,"bind users" > Envoyé: dimanche 14 Janvier 2024 23:54 > Objet : Re: Question about authoritative server and AA Authoritative Answer > > > > On 15 Jan 2024, at 09:04, Michel Diemer via bind-users wrote: > > > > Ders bind users, > > > > I have already asked a similar question which was more about DNS in general > > , this one is very specific about the AA bit. > > > > Today's question is : « "dig pc1.reseau1.lan ns" show AUTHORITY: 1 and "dig > > pc1.reseau1.lan" shows AUTHORITY: 0. Which setting or knowledge am I > > missing ? If possible, how to get AA answers for QNAME queries ? » > > The difference is because you have positive and negative answers. The > authority section has information about how long the negative response can be > cached for. See RFC 2308. > > As for AA ask the authoritative server rather than the recursive server. See > RFC 1035. Also see the examples where AA is set in RFC 1034 and their > descriptions. > > AA Authoritative Answer - this bit is valid in responses, > and specifies that the responding name server is an > authority for the domain name in question section. > > Note that the contents of the answer section may have > multiple owner names because of aliases. The AA bit > corresponds to the name which matches the query name, or > the first owner name in the answer section. > > > > I have set up two virtual machines on a virtual local network using Oracle > > VirtualBox. One machine is a DNS authoritative-only server. The zone is > > named "reseau1.lan" and defined only in bind9 zone files. If I really have > > to, I will name it "reseau1.home.arpa" according to RFC 8375. (I chose .lan > > inspired by RFC 6762 appendix G). The IP address of the DNS server is > > 172.16.0.254 and the IP address of pc1 is 172.16.0.21. > > > > dig soa reseau1.lan : the AA bit is set, which is what I am looking for > > > > <5400853000000119embeddedImage.png>͏ ͏ ͏ > > > > dig pc1.reseau1.lan ns : the AA bit is set > > > > <6206303000000119embeddedImage.png>͏ ͏ ͏ ͏ > > > > dig pc1.reseau1.lan : the AA bit is not set. Why ? Which setting or > > knowledge am I missing ? > > > > <8504625embeddedImage.png> > > > > Below my "named.conf.options" file > > > > <13119901000000238embeddedImage.png>͏ > > > > > > ͏ ͏ ͏ ͏ > > -- > > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > > this list > > > > ISC funds the development of this software with paid support subscriptions. > > Contact us at https://www.isc.org/contact/ for more information. > > > > > > bind-users mailing list > > bind-users@lists.isc.org > > https://lists.isc.org/mailman/listinfo/bind-users > > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
