Hi again and thanks for that. I'm still not exactly clear on the setup. I think the auth server is 172.16.0.254 (I don't know what pc1 is). But anyway, looking at your results I see the AA bit for everything. It appears that these queries both went directly to the auth server because recursion is disabled and it told you so.
====== # pc1@pc1:~ dig pc1.reseau1.lan ``` ```txt ; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> pc1.reseau1.lan ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57670 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available # ns1@ns1:~ dig pc1.reseau1.lan ``` ```txt ; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> pc1.reseau1.lan ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2379 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ====== So unless I'm missing something I don't see your problem. Cheers, Greg On Mon, 15 Jan 2024 at 15:24, <pub.dieme...@laposte.net> wrote: > Dear Greg, > > Thank you for your reply. > > > Please find attached the markdown file with all the commands and text > from the terminal. > > In /etc/resolv.conf I had "127.0.0.53" so I disabled the DNSStubListener > from systemd-resolved. I have netplan and networkd. > > > Kind Regards, > > Michel Diemer. > > > > De : "Greg Choules" > A : pub.dieme...@laposte.net,bind-users@lists.isc.org > Envoyé: dimanche 14 Janvier 2024 23:28 > Objet : Re: Question about authoritative server and AA Authoritative Answer > > Hi Michel. > Please can you send the following information: > - name and IP address of the authoritative server > - the full contents of the zone file for "reseau1.lan" > - name and IP address of the other server - what does this server do? > - What is the machine "pc1", on which you are running the digs? > - the file "/etc/resolv.conf" on "pc1" > > Please also re-send the digs with full output. > When you send information, please send it as text, not screenshots. > > Thanks, Greg > > On Sun, 14 Jan 2024 at 22:04, Michel Diemer via bind-users < > bind-users@lists.isc.org> wrote: > >> Ders bind users, >> >> I have already asked a similar question which was more about DNS in >> general , this one is very specific about the AA bit. >> >> Today's question is : *« "dig pc1.reseau1.lan ns"** show AUTHORITY: 1 >> and "dig pc1.reseau1.lan" shows AUTHORITY: 0. Which setting or knowledge am >> I missing ? If possible, how to get AA answers for QNAME queries ? »* >> >> I have set up two virtual machines on a virtual local network using >> Oracle VirtualBox. One machine is a DNS authoritative-only server. The >> zone is named "reseau1.lan" and defined only in bind9 zone files. If I >> really have to, I will name it "reseau1.home.arpa" according to RFC 8375. >> (I chose .lan inspired by RFC 6762 appendix G). The IP address of the DNS >> server is 172.16.0.254 and the IP address of pc1 is 172.16.0.21. >> >> >> *dig soa reseau1.lan* : the AA bit is set, which is what I am looking for >> >> ͏ ͏ ͏ >> >> * dig pc1.reseau1.lan ns* : the AA bit is set >> >> ͏ ͏ ͏ ͏ >> >> *dig pc1.reseau1.lan* : *the AA bit is not set. Why ? Which setting or >> knowledge am I missing ?* >> >> >> >> Below my "named.conf.options" file >> >> ͏ >> >> >> ͏ ͏ ͏ ͏ >> -- >> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe >> from this list >> >> ISC funds the development of this software with paid support >> subscriptions. Contact us at https://www.isc.org/contact/ for more >> information. >> >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users > >
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
