On 14/3/23 06:23, Jeremy Ardley wrote:
I had a signed DNS error in a similar configuration using a bind
authoritative and caching server. It turned out it was systemd-resolved
interfering and/or replacing part of the DNS chain.

FYI systemd-resolved is the inbuilt Debian caching DNS server which may
be enabled by default. If you run that you don't need a bind9 caching
name server.

What does this report?

    systemctl status systemd-resolved

If there is anything there at all, check logs. You may find something.

Also FYI you can run bind9 and systemd-resolved at the same time and set
bind9 to use systemd-resolved as forwarder:

    options {
        directory "/var/cache/bind";
        // Use systemd-resolved as a DNS resolver
        forwarders { 127.0.0.53 port 53; };
        dnssec-validation auto;
        auth-nxdomain no;    # conform to RFC1035
    ...

It's probably a good idea to not be too keen on dnssec validation - as above.

--
Jeremy
(Lists)
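
Added example (not part of the message above): a shell check that reads resolv.conf and the bind9 options file and reports which resolver sits at the front of the chain, which is the question the message raises. The function names, the result labels and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify the local DNS chain from resolv.conf and named.conf options.
# File paths are arguments, so this can be pointed at copies of real files.

STUB='127\.0\.0\.53'   # systemd-resolved stub address, as in the message

# Nameserver addresses from a resolv.conf-style file, one per line.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Forwarder addresses from a named.conf options file, one per line.
named_forwarders() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n' ' ' |
        sed -n 's/.*forwarders[[:space:]]*{\([^}]*\)}.*/\1/p' |
        tr ';' '\n' | awk 'NF { print $1 }'
}

# Usage: dns_chain RESOLV_CONF NAMED_OPTIONS
dns_chain() {
    if resolv_nameservers "$1" | grep -qx "$STUB"; then
        echo "stub-first"      # clients ask systemd-resolved, not bind9
    elif ! resolv_nameservers "$1" | grep -qxE '127\.0\.0\.1|::1'; then
        echo "external"        # no local resolver is asked first
    elif named_forwarders "$2" | grep -qx "$STUB"; then
        echo "bind-via-stub"   # bind9 forwards to systemd-resolved
    else
        echo "bind-direct"     # bind9 resolves without the stub
    fi
}

# Constructed sample files (not taken from any real host).
demo_dir=$(mktemp -d)
printf 'nameserver 127.0.0.1\n' > "$demo_dir/resolv.bind"
printf 'nameserver 127.0.0.53\n' > "$demo_dir/resolv.stub"
cat > "$demo_dir/named.fwd" <<'EOF'
options {
    directory "/var/cache/bind";
    // Use systemd-resolved as a DNS resolver
    forwarders { 127.0.0.53 port 53; };
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
};
EOF

dns_chain "$demo_dir/resolv.bind" "$demo_dir/named.fwd"
dns_chain "$demo_dir/resolv.stub" "$demo_dir/named.fwd"
rm -rf "$demo_dir"
```

On a real host the two arguments would normally be /etc/resolv.conf and the file holding the bind9 options block.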