<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello,</p>
<p>I'm have a question:</p>
<p>IF<font color="#ffffff"> (Ignoring RFC 1035 #do not shoot the
messenger)</font> <br>
</p>
<p>I need to make an authoritative server that gives 'AA' flags to
every query, I would need to set only auth-nxdomain right?</p>
<p>I'm running this config:</p>
<p>#
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</p>
<p>options {<br>
directory "/var/bind/";<br>
check-names master ignore;<br>
check-names slave ignore;<br>
check-names response ignore;<br>
<br>
auth-nxdomain yes;<br>
minimal-responses yes;<br>
version "Dont Do It";<br>
allow-recursion { 127.0.0.1/8; my-query-ip/32; };<br>
allow-new-zones yes;<br>
lame-ttl 1800;<br>
max-cache-ttl 43200;<br>
max-cache-size 100M;<br>
notify explicit;<br>
cleaning-interval 900;<br>
max-ncache-ttl 18000;<br>
pid-file "/var/run/named/named.pid";<br>
listen-on { any; };<br>
listen-on-v6 { any; };<br>
};<br>
<br>
view "internet" IN {<br>
match-clients { any; };<br>
};<br>
<br>
logging {<br>
channel default_file { file "/var/bind/logs/default.log"
versions 3 size 50m; severity info; print-time yes; };<br>
channel general_file { file "/var/bind/logs/general.log"
versions 3 size 50m; severity info; print-time yes; };<br>
channel database_file { file "/var/bind/logs/database.log"
versions 3 size 50m; severity error; print-time yes; };<br>
channel security_file { file "/var/bind/logs/security.log"
versions 3 size 50m; severity info; print-time yes; };<br>
channel config_file { file "/var/bind/logs/config.log" versions
3 size 50m; severity critical; print-time yes; };<br>
channel resolver_file { file "/var/bind/logs/resolver.log"
versions 3 size 50m; severity critical; print-time yes; };<br>
channel xfer-in_file { file "/var/bind/logs/xfer-in.log"
versions 3 size 50m; severity critical; print-time yes; };<br>
channel xfer-out_file { file "/var/bind/logs/xfer-out.log"
versions 3 size 50m; severity critical; print-time yes; };<br>
channel notify_file { file "/var/bind/logs/notify.log" versions
3 size 50m; severity critical; print-time yes; };<br>
channel client_file { file "/var/bind/logs/client.log" versions
3 size 50m; severity critical; print-time yes; };<br>
channel unmatched_file { file "/var/bind/logs/unmatched.log"
versions 3 size 50m; severity critical; print-time yes; };<br>
channel queries_file { file "/var/bind/logs/queries.log"
versions 3 size 50m; severity info; print-time yes; };<br>
channel network_file { file "/var/bind/logs/network.log"
versions 3 size 50m; severity critical; print-time yes; };<br>
channel update_file { file "/var/bind/logs/update.log" versions
3 size 50m; severity critical; print-time yes; };<br>
channel dispatch_file { file "/var/bind/logs/dispatch.log"
versions 3 size 50m; severity critical; print-time yes; };<br>
channel dnssec_file { file "/var/bind/logs/dnssec.log" versions
3 size 50m; severity critical; print-time yes; };<br>
<br>
category default { default_file; };<br>
category general { general_file; };<br>
category database { database_file; };<br>
category security { security_file; };<br>
category config { config_file; };<br>
category resolver { resolver_file; };<br>
category xfer-in { xfer-in_file; };<br>
category xfer-out { xfer-out_file; };<br>
category notify { notify_file; };<br>
category client { client_file; };<br>
category unmatched { unmatched_file; };<br>
category queries { queries_file; };<br>
category network { network_file; };<br>
category update { update_file; };<br>
category dispatch { dispatch_file; };<br>
category dnssec { dnssec_file; };<br>
category lame-servers { null; };<br>
};<br>
<br>
key "rndckey" {<br>
algorithm hmac-md5;<br>
secret "my-little-key";<br>
};</p>
<p>#
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</p>
<p>$ dig @my-local-ip
typingsomerandomwords.doesntwork
<br>
<br>
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4
<<>> @my-local-ip
typingsomerandomwords.doesntwork <br>
; (1 server
found)
<br>
;; global options:
+cmd
<br>
;; Got
answer:
<br>
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id:
26340 <br>
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL:
0 <br>
<br>
;; QUESTION
SECTION:
<br>
;typingsomerandomwords.doesntwork. IN
A
<br>
<br>
;; Query time: 199
msec
<br>
;; SERVER:
my-local-ip#53(my-local-ip)
<br>
;; WHEN: Thu Nov 9 18:29:37
2017
<br>
;; MSG SIZE rcvd:
50
<br>
<br>
</p>
<p>#
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</p>
<p><br>
09-Nov-2017 16:29:22.392 client my-query-ip#39791
(typingsomerandomwords.doesntwork): view internet: query:
typingsomerandomwords.doesntwork IN A + (my-local-ip)<br>
09-Nov-2017 16:29:22.392 createfetch:
typingsomerandomwords.doesntwork A<br>
09-Nov-2017 16:29:27.581 client my-query-ip#39791
(typingsomerandomwords.doesntwork): view internet: query:
typingsomerandomwords.doesntwork IN A + (my-local-ip)<br>
09-Nov-2017 16:29:27.581 createfetch:
typingsomerandomwords.doesntwork A<br>
09-Nov-2017 16:29:32.392 client my-query-ip.19#39791
(typingsomerandomwords.doesntwork): view internet: query:
typingsomerandomwords.doesntwork IN A + (my-local-ip)<br>
09-Nov-2017 16:29:32.392 createfetch:
typingsomerandomwords.doesntwork A<br>
09-Nov-2017 16:29:32.393 client my-query-ip#39791
(typingsomerandomwords.doesntwork): view internet: query failed (<b>SERVFAIL</b>)
for typingsomerandomwords.doesntwork/IN/A <b>at query.c:7007</b><br>
<br>
</p>
<p>#
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</p>
<p><br>
</p>
<p>I'm stuck into this, the docs doesn't say auth-nxdomain is not
available to auth servers and I know it's a bad idea, but it's a
bad idea that can be achieved by DLZ drivers via queries and the
config should behave in a similar way (or the doc should be a bit
more clear about who can use and how it works).<br>
<br>
</p>
<p><br>
</p>
<div class="moz-signature">-- <br>
<link
href="https://fonts.googleapis.com/css?family=Roboto&subset=latin,latin-ext"
rel="stylesheet" type="text/css">
<style>
body{
border: none !important;}
</style> <br>
<span style="font-size: 15px; font-family: Calibri, Arial,
Helvetica, Verdana; padding-top: 20px; line-height: 30px; color:
#ddd;">
...................................................................................................................................................................................................</span>
<table style="margin-top: 20px; margin-bottom: 0px; border: none
!important;" border="0" cellspacing="0" cellpadding="0"
height="154">
<tbody>
<tr style="border: none !important;">
<td rowspan="2" style="border: none !important;"
align="center" width="179"> <a
href="https://www.kinghost.com.br"> <img
src="https://www.kinghost.com.br/kingnews/assinatura/logo.png"
width="175"> </a> </td>
<td rowspan="2" style=" border-right:1px solid #E5E5E5;"
width="23" height="132"> <br>
</td>
<td rowspan="2" style="border: none !important;" width="20"
height="132"> <br>
</td>
<td style="border: none !important;" valign="top"
width="600" height="64"> <span style="font-family:Roboto,
'Roboto Cn', 'Roboto Black', Arial, Helvetica,
sans-serif; font-weight:bold; font-size:18px;
color:#381859;">Filipe Cifali Stangler</span><span
style="font-family:Roboto, 'Roboto Cn', 'Roboto Black',
Arial, Helvetica, sans-serif; color:#99989d;
font-weight:bold; font-size:12px;"> | ANALISTA DE
INFRAESTRUTURA </span><br>
<span style="font-family:Roboto, 'Roboto Cn', 'Roboto
Black'; color:#99989d; font-size:12px;"><a
href="mailto:cifali@kinghost.com.br">cifali@kinghost.com.br</a>
| <a href="https://www.kinghost.com.br">www.kinghost.com.br</a></span><br>
</td>
</tr>
<tr style="border: none !important;">
<td colspan="2" cellpadding="0" cellspacing="0"
valign="bottom" height="60"> <span
style="font-family:Roboto, 'Roboto Cn', 'Roboto Black',
Arial, Helvetica, sans-serif; color:#99989d;
font-size:15px;">Tire suas dúvidas gratuitamente: <strong
style="color:#99989d;">0800.881.5464</strong><br>
Capitais e polos regionais: <strong
style="color:#99989d;">4003.5464</strong><br>
Atendimento fora do Brasil e Celulares: <strong
style="color:#99989d;">(51) 3301.5464</strong></span>
</td>
</tr>
</tbody> <tbody>
<tr style="border: none !important;">
<td colspan="4" style="border: none !important;"
align="center"> <br>
</td>
</tr>
<tr style="border: none !important;">
<td cellpadding="0" cellspacing="0" valign="bottom"
height="30"><br>
</td>
</tr>
</tbody>
</table>
<a href="http://kingho.st/assinatura"><img
src="https://www.kinghost.com.br/kingnews/assinatura/assinatura-email.png"
alt="banner - email" border="0"></a>
<table style="width: 100%; margin-top: 8px; padding: 15px 0;
border-left: none !important; border-right: none !important; "
border="0" cellspacing="0" cellpadding="0" width="100%">
<tbody>
<tr style="border: none !important;">
<td style="border: none !important;"> <span
style="font-size: 15px; font-family:Roboto, 'Roboto Cn',
'Roboto Black', Arial, Helvetica, sans-serif;
line-height: 120%; margin: 15px 0; color: #a3a3a3;">
Este e-mail e seus anexos são confidenciais e podem
conter informações privilegiadas ou protegidas contra <br>
divulgação e/ou reprodução. Se você não é o destinatário
identificado acima, por favor, apague esta mensagem<br>
de seu sistema e notifique o remetente imediatamente. </span>
</td>
</tr>
</tbody>
</table>
<table style="border: none !important; width: 100%; padding: 15px
0;" border="0" cellspacing="0" cellpadding="0" width="100%">
<tbody>
<tr style="border: none !important;">
<td style="border: none !important;"> <span
style="font-size: 15px; font-family:Roboto, 'Roboto Cn',
'Roboto Black', Arial, Helvetica, sans-serif;
line-height: 120%; color: #a3a3a3;"> This e-mail message
or any attachment thereto are confidential and may be
privileged or otherwise protected<br>
from disclosure and/or reproduction. If you are not
intendet recipient, please delete it from your system
and<br>
notify the sender immediately. </span> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>