I just noticed another difference between our configurations. You have: dnssec-validation yes; and I have dnssec-validation auto;
The manual says you need additional configuration if you have "yes" set: https://bind9.readthedocs.io/en/v9_18_9/dnssec-guide.html#dnssec-validation-explained Again, not sure how this could cause the problem you are having, but it's worth a try... On Tue, Nov 29, 2022 at 10:32 PM Hamid Maadani <ha...@dexo.tech> wrote: > > > > That looks like, if the stale config options are removed, then NS1 > > can't get an answer from NS2 at all? Or you are saying that's what > > you get if NS2 isn't running and you query NS1 regarding test.com > > without the stale config options? > > It would be the latter, I removed stale configs from NS1, and shut down NS2. > Then verified NS1 cache still has an entry for test.com, and queried NS1 for > test.com > Basically, NS1 does not utilize its own cache at all! > > Regards > Hamid Maadani > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users