Hi. On Mon, Mar 13, 2023 at 08:53:35PM +0100, local10 wrote: > Mar 13, 2023, 12:06 by recovery...@enotuniq.net: > > > Looks correct, assuming that the contents of the key start with AwEAAaz > > and end with V74bU=. > > > > .... > > Look at /usr/share/dns/root.key. Compare its contents with > > /etc/bind/bind.keys. Replace the latter if needed. > > > > "dpkg-reconfigure -plow bind9" is probably more preferred way of doing > > it. > > > > They keys in the "/etc/bind/bind.keys" and "/usr/share/dns/root.key" are > identical:
Well, it was worth to check it. Next idea is somewhat more complicated. Install tcpdump. Run: tcpdump -pni any -s0 -w /tmp/dns.pcap -c 30 udp port 53 or tcp port 53 Bounce BIND, wait for a minute at least. Do some DNS queries. One or two will do. Interrupt tcpdump unless it completes by itself. Post dns.pcap. Reco