There are a lot of extraneous details in here. This is not a BIND problem.

On Mon, 18 Apr 2022, Leroy Tennison via bind-users wrote:
> When I attempt “dig -t AXFR office.example.com -k Kexample_dns.+157+18424.key”
> on the DNS server (Bind 9.11) sudoed to root I get:

Why do you need to be root?

> ;; Couldn't verify signature: expected a TSIG or SIG(0); Transfer ;; failed.
>
> This is an Ubuntu 18.04 system and /etc/systemd/resolved.conf has DNS=127.0.0.1 since the DNS server is running on it. Systemd-resolved has been restarted afterward. I've tried using an actual interface address but it doesn't help. It seems dig tries to use 127.0.0.53 due to its being in /etc/resolv.conf and that fails even though dig for forward/reverse lookups works.

I take it you believe you have things properly configured and are implying that you have 127.0.0.1 configured but that it isn't updating resolv.conf (which contains the entry 127.0.0.53).

> If I add @127.0.0.1 to the above it works.

BIND is not broken. What happens when you try 127.0.0.53?

> Is there a way to get this to work without having to do that and not setting up the entire network configuration using systemd? I realize it's not a big effort to add @127.0.0.1 but the reason for the issue is obscure, the error message is misleading

To be determined.

> and my distaste for systemd is sufficient enough that I would prefer avoiding it as much as possible.

I hear you, but avoiding doesn't seem to be making it go away.

       systemd-resolved is a system service that provides network name
       resolution to local applications. It implements a caching and
       validating DNS/DNSSEC stub resolver, as well as an LLMNR and
       MulticastDNS resolver and responder.

(And it listens on 127.0.0.53.)

Maybe you should turn it off.

--

Fred Morris, internet plumber