0

I ran dig debian.org ns to get a list of all authoritative servers for debian.org, and when I run dig @auth.server debian.org for some of the authoritative servers I get an authoritative response and for others I don't. Why is that? I'm basing my idea of not getting an authoritative response on the fact that when the command is run I get authority 0 in the flags section.

  • 3
    "I get an authoritative response" Based on what? Show the real traces of what you do and your reading of them, to see where you are. It is not the content of the Authority section that says if the answer is authoritative or not, but the value of the AA flag in the response header, as it means "Authoritative Answer". – Patrick Mevzek Aug 27 '22 at 04:45

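The distinction drawn in the comment above, as an added example that is not part of the original thread: a parser for the 12-byte DNS header that reads the AA bit separately from the AUTHORITY section count. The two sample headers are constructed for illustration, not captured from real servers, and the helper names are hypothetical.

```python
import struct

# Header flag bits (RFC 1035 section 4.1.1, AD/CD from RFC 4035) as masks
# on the 16-bit flags word that follows the message ID.
FLAG_BITS = {"qr": 0x8000, "aa": 0x0400, "tc": 0x0200, "rd": 0x0100,
             "ra": 0x0080, "ad": 0x0020, "cd": 0x0010}

def parse_header(message: bytes) -> dict:
    """Decode the fixed DNS header: ID, flags and the four section counts."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    msg_id, flags, qd, an, ns, ar = struct.unpack("!6H", message[:12])
    return {
        "id": msg_id,
        "flags": [name for name, mask in FLAG_BITS.items() if flags & mask],
        "opcode": (flags >> 11) & 0xF,
        "rcode": flags & 0xF,
        "query": qd, "answer": an, "authority": ns, "additional": ar,
    }

def is_authoritative(message: bytes) -> bool:
    """True only when the AA bit is set; the AUTHORITY count plays no part."""
    return "aa" in parse_header(message)["flags"]

def dig_style(message: bytes) -> str:
    """Render the header the way dig summarises it."""
    h = parse_header(message)
    return (f";; flags: {' '.join(h['flags'])}; QUERY: {h['query']}, "
            f"ANSWER: {h['answer']}, AUTHORITY: {h['authority']}, "
            f"ADDITIONAL: {h['additional']}")

# Constructed sample headers (illustrative values only):
# 1) authoritative server answering directly: AA set, AUTHORITY: 0
AUTH_NO_NS = struct.pack("!6H", 0x1A2B, 0x8400, 1, 1, 0, 1)
# 2) recursive resolver answering from cache: AA clear, AUTHORITY: 3
CACHED_WITH_NS = struct.pack("!6H", 0x3C4D, 0x8180, 1, 1, 3, 1)

if __name__ == "__main__":
    for msg in (AUTH_NO_NS, CACHED_WITH_NS):
        print(dig_style(msg), "-> authoritative:", is_authoritative(msg))
```
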
1 Answer

0

Speaking from experience with SAMBA and DNSSEC.

The reason you won't get a response from dig or another DNS tool might be that you have enabled DNSSEC validation in the DNS server and the zone in question does not have DNSSEC enabled.

That is for instance the case with the DNS settings for Samba Active Directory.

In those cases you will get no reply because the zone cannot be validated by DNSSEC.

There are two ways out of it:

If possible:

Add DNSSEC records to the zone. This is not possible for Samba AFAIK.

Or (if you use BIND as a DNS server):

Add the zone to validate-except under options or view in your configuration file.