There are a lot of extraneous details in here. This is not a BIND problem.
On Mon, 18 Apr 2022, Leroy Tennison via bind-users wrote:
When I attempt “dig -t AXFR office.example.com -k Kexample_dns.+157+18424.key”
on the DNS server (Bind 9.11) sudoed to root I get:
Why do you need to be root?
;; Couldn't verify signature: expected a TSIG or SIG(0); Transfer
;; failed.
This is an Ubuntu 18.04 system and /etc/systemd/resolved.conf has
DNS=127.0.0.1 since the DNS server is running on it. Systemd-resolved
has been restarted afterward. I've tried using an actual interface
address but it doesn't help. It seems dig tries to use 127.0.0.53 due
to its being in /etc/resolv.conf and that fails even though dig for
forward/reverse lookups works.
I take it you believe you have things properly configured and are implying
that you have 127.0.0.1 configured but that it isn't updating resolv.conf
(which contains the entry 127.0.0.53).
If I add @127.0.0.1 to the above it
works.
BIND is not broken. What happens when you try 127.0.0.53?
Is there a way to get this to work without having to do that and
not setting up the entire network configuration using systemd. I
realize it's not a big effort to add @127.0.0.1 but the reason for the
issue is obscure, the error message is misleading
To be determined.
and my distaste for
systemd is sufficient enough that I would prefer avoiding it as much as
possible.
I hear you, but avoiding doesn't seem to be making it go away.
systemd-resolved is a system service that provides network name
resolution to local applications. It implements a caching and
validating DNS/DNSSEC stub resolver, as well as an LLMNR and
MulticastDNS resolver and responder.
(And it listens on 127.0.0.53.)
Maybe you should turn it off.
--
Fred Morris, internet plumber
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users