Question about authoritative server and AA Authoritative Answer
Ders bind users, I have already asked a similar question which was more about DNS in general , this one is very specific about the AA bit. Today's question is : « "dig pc1.reseau1.lan ns" show AUTHORITY: 1 and "dig pc1.reseau1.lan" shows AUTHORITY: 0. Which setting or knowledge am I missing ? If possible, how to get AA answers for QNAME queries ? » I have set up two virtual machines on a virtual local network using Oracle VirtualBox. One machine is a DNS authoritative-only server. The zone is named "reseau1.lan" and defined only in bind9 zone files. If I really have to, I will name it "reseau1.home.arpa" according to RFC 8375. (I chose .lan inspired by RFC 6762 appendix G). The IP address of the DNS server is 172.16.0.254 and the IP address of pc1 is 172.16.0.21. dig soa reseau1.lan : the AA bit is set, which is what I am looking for ͏ ͏ ͏ dig pc1.reseau1.lan ns : the AA bit is set ͏ ͏ ͏ ͏ dig pc1.reseau1.lan : the AA bit is not set. Why ? Which setting or knowledge am I missing ? Below my "named.conf.options" file ͏ ͏ ͏ ͏ ͏ -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Question about authoritative server and AA Authoritative Answer
Hi Michel. Please can you send the following information: - name and IP address of the authoritative server - the full contents of the zone file for "reseau1.lan" - name and IP address of the other server - what does this server do? - What is the machine "pc1", on which you are running the digs? - the file "/etc/resolv.conf" on "pc1" Please also re-send the digs with full output. When you send information, please send it as text, not screenshots. Thanks, Greg On Sun, 14 Jan 2024 at 22:04, Michel Diemer via bind-users < bind-users@lists.isc.org> wrote: > Ders bind users, > > I have already asked a similar question which was more about DNS in > general , this one is very specific about the AA bit. > > Today's question is : *« "dig pc1.reseau1.lan ns"** show AUTHORITY: 1 and > "dig pc1.reseau1.lan" shows AUTHORITY: 0. Which setting or knowledge am I > missing ? If possible, how to get AA answers for QNAME queries ? »* > > I have set up two virtual machines on a virtual local network using Oracle > VirtualBox. One machine is a DNS authoritative-only server. The zone is > named "reseau1.lan" and defined only in bind9 zone files. If I really have > to, I will name it "reseau1.home.arpa" according to RFC 8375. (I chose .lan > inspired by RFC 6762 appendix G). The IP address of the DNS server is > 172.16.0.254 and the IP address of pc1 is 172.16.0.21. > > > *dig soa reseau1.lan* : the AA bit is set, which is what I am looking for > > ͏ ͏ ͏ > > * dig pc1.reseau1.lan ns* : the AA bit is set > > ͏ ͏ ͏ ͏ > > *dig pc1.reseau1.lan* : *the AA bit is not set. Why ? Which setting or > knowledge am I missing ?* > > > > Below my "named.conf.options" file > > ͏ > > > ͏ ͏ ͏ ͏ > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Question about authoritative server and AA Authoritative Answer
> On 15 Jan 2024, at 09:04, Michel Diemer via bind-users > wrote: > > Ders bind users, > > I have already asked a similar question which was more about DNS in general , > this one is very specific about the AA bit. > > Today's question is : « "dig pc1.reseau1.lan ns" show AUTHORITY: 1 and "dig > pc1.reseau1.lan" shows AUTHORITY: 0. Which setting or knowledge am I missing > ? If possible, how to get AA answers for QNAME queries ? » The difference is because you have positive and negative answers. The authority section has information about how long the negative response can be cached for. See RFC 2308. As for AA ask the authoritative server rather than the recursive server. See RFC 1035. Also see the examples where AA is set in RFC 1034 and their descriptions. AA Authoritative Answer - this bit is valid in responses, and specifies that the responding name server is an authority for the domain name in question section. Note that the contents of the answer section may have multiple owner names because of aliases. The AA bit corresponds to the name which matches the query name, or the first owner name in the answer section. > I have set up two virtual machines on a virtual local network using Oracle > VirtualBox. One machine is a DNS authoritative-only server. The zone is named > "reseau1.lan" and defined only in bind9 zone files. If I really have to, I > will name it "reseau1.home.arpa" according to RFC 8375. (I chose .lan > inspired by RFC 6762 appendix G). The IP address of the DNS server is > 172.16.0.254 and the IP address of pc1 is 172.16.0.21. > dig soa reseau1.lan : the AA bit is set, which is what I am looking for > > <540085300119embeddedImage.png>͏ ͏ ͏ > > dig pc1.reseau1.lan ns : the AA bit is set > > <620630300119embeddedImage.png>͏ ͏ ͏ ͏ > > dig pc1.reseau1.lan : the AA bit is not set. Why ? Which setting or knowledge > am I missing ? > > <8504625embeddedImage.png> > > Below my "named.conf.options" file > > <1311990100238embeddedImage.png>͏ > > > ͏ ͏ ͏ ͏ > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
