Good points, thanks.
-----Original Message----- From: Reindl Harald <h.rei...@thelounge.net> To: bind-users@lists.isc.org Sent: Mon, Apr 18, 2022 12:41 am Subject: Re: Bind and systemd-resolved Am 18.04.22 um 07:26 schrieb Leroy Tennison via bind-users: > When I attempt “dig -t AXFR office.example.com -k > Kexample_dns.+157+18424.key” on the DNS server (Bind 9.11) sudoed to > root I get: > > ;; Couldn't verify signature: expected a TSIG or SIG(0) > ; Transfer failed. > > This is an Ubuntu 18.04 system and /etc/systemd/resolved.conf has > DNS=127.0.0.1 since the DNS server is running on it. Systemd-resolved > has been restarted afterward. I've tried using an actual interface > address but it doesn't help. It seems dig tries to use 127.0.0.53 due > to its being in /etc/resolv.conf and that fails even though dig for > forward/reverse lookups works. > > If I add @127.0.0.1 to the above it works. Is there a way to get this > to work without having to do that and not setting up the entire network > configuration using systemd. I realize it's not a big effort to add > @127.0.0.1 but the reason for the issue is obscure, the error message is > misleading and my distaste for systemd is sufficient enough that I would > prefer avoiding it as much as possible. Thanks for any input so why don't you just disable systemd-resolved? i run Fedora everywhere in production and on workstations, have masked it and after "chattr +i /etc/resolv.conf" nothing messes up resolv.conf (even without resolvd existing it would have the immutable flag to prevent the dhcp client fpr the WAN interface assign the broken ISP resolvers) [root@srv-rhsoft:~]$ systemctl status systemd-resolved.service ○ systemd-resolved.service Loaded: masked (Reason: Unit systemd-resolved.service is masked.) Active: inactive (dead) -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users