Hi Santiago,

> On 28. 5. 2025, at 11:43, Santiago Vila <sanv...@debian.org> wrote:
> 
> So: Why is the "forwarders" directive obsolete or useless?
> What am I supposed to use instead?
> 
> If it's not really obsolete, could we please get those commented lines back?
> 
> Or maybe the idea was to make the file as short as possible and let the user
> look for such information elsewhere?

Simply said, BIND 9 is a full DNSSEC Validating Resolver. If you want to use
your DNS provider resolvers, you can just use the stub resolver[*]
and you don't need to run `named` at all.

Additionally, as the DNSSEC validation is enabled by default, it can run into
all kinds of problems when the upstream resolver is not DNSSEC capable.

With all that in mind, it makes a little sense to recommend using the upstream
(ISP) resolvers by default in the configuration file.

(I'll apply the patch, thanks.)

* - or systemd-resolved or dnsmasq
Ondrej
--
Ondřej Surý (He/Him)
ond...@sury.org
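
The point in the message above about upstream resolvers that are not DNSSEC capable can be checked mechanically: a validating `named` has to get RRSIG records back through the forwarder. The following is an added example, not part of the original message or of BIND; the function names are hypothetical, the reply bytes are constructed, and it assumes the queried name lives in a signed zone.

```python
import struct

RRSIG, OPT = 46, 41  # RR type codes

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_do_query(name, txid=0x1234):
    """A-record query carrying an EDNS0 OPT record with the DO (DNSSEC OK) bit set."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)    # RD=1, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!2H", 1, 1)   # type A, class IN
    # OPT: root name, CLASS = UDP payload size, TTL field holds the flags (DO = 0x8000)
    opt = b"\x00" + struct.pack("!HHIH", OPT, 1232, 0x8000, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:       # a compression pointer ends the name
            return off + 2
        off += n + 1

def answer_types(msg):
    """RR type codes found in the answer section of a DNS message."""
    _, _, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    types = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return types

def returns_signatures(msg):
    """True when the reply to a DO query carries RRSIGs for the validator to check."""
    return RRSIG in answer_types(msg)

def constructed_reply(name, with_rrsig):
    """Constructed sample reply; the RRSIG RDATA is placeholder bytes, not a real signature."""
    def rr(rtype, rdata):
        return b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    answers = [rr(1, bytes([192, 0, 2, 1]))] + ([rr(RRSIG, bytes(24))] if with_rrsig else [])
    header = struct.pack("!6H", 0x1234, 0x8180, 1, len(answers), 0, 0)
    return header + encode_name(name) + struct.pack("!2H", 1, 1) + b"".join(answers)
```

To test a real resolver, send the bytes from `build_do_query` over UDP port 53 and pass the reply to `returns_signatures`; a reply without RRSIGs for a signed name means that resolver is unsuitable as a forwarder for a validating `named`.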