Good morning from the West Coast,

It’s been a while since I’ve set up an authoritative BIND server from scratch, so I may be missing something very basic. First time in a Docker container, beside the point but maybe it plays (this looks like a configuration issue in BIND).

I’m getting the following errors when trying to resolve domains external to my own;

---snip---
17:30:04.843 REFUSED unexpected RCODE resolving './NS/IN': 172.64.32.142#53
04-Dec-2020 17:30:04.859 REFUSED unexpected RCODE resolving ' www.cat.com/A/IN': 172.64.32.142#53
04-Dec-2020 17:30:04.865 REFUSED unexpected RCODE resolving './NS/IN': 172.64.33.136#53
04-Dec-2020 17:30:04.867 REFUSED unexpected RCODE resolving ' E.ROOT-SERVERS.NET/AAAA/IN': 172.64.32.142#53
04-Dec-2020 17:30:04.867 REFUSED unexpected RCODE resolving ' G.ROOT-SERVERS.NET/AAAA/IN': 172.64.32.142#53
04-Dec-2020 17:30:04.877 REFUSED unexpected RCODE resolving ' www.cat.com/A/IN': 172.64.33.136#53
04-Dec-2020 17:30:04.883 REFUSED unexpected RCODE resolving './NS/IN': 108.162.192.142#53
04-Dec-2020 17:30:04.884 REFUSED unexpected RCODE resolving ' E.ROOT-SERVERS.NET/AAAA/IN': 108.162.192.142#53
04-Dec-2020 17:30:04.889 REFUSED unexpected RCODE resolving ' G.ROOT-SERVERS.NET/AAAA/IN': 108.162.192.142#53
04-Dec-2020 17:30:04.897 REFUSED unexpected RCODE resolving ' www.cat.com/A/IN': 108.162.192.142#53
04-Dec-2020 17:30:04.906 REFUSED unexpected RCODE resolving ' E.ROOT-SERVERS.NET/AAAA/IN': 172.64.33.136#53
04-Dec-2020 17:30:04.906 REFUSED unexpected RCODE resolving './NS/IN': 108.162.193.136#53
---end---

You’ll notice the above are Cloudflare resolvers (pete/roxy). I get a DNSSEC-related error when the same resolution is attempted on the OpenDNS servers;

---snip---
04-Dec-2020 17:30:05.084 validating ./DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a trusted key for '.'
04-Dec-2020 17:30:05.085 no valid KEY resolving './DNSKEY/IN': 208.67.220.220#53
04-Dec-2020 17:30:05.108 validating ./DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a trusted key for '.'
04-Dec-2020 17:30:05.108 no valid KEY resolving './DNSKEY/IN': 208.67.222.222#53
---end---

Named.conf has the correct sources for queries;

---snip---
acl permit {
    172.30.0.0/16;
---end---

Named.conf.options has the correct forwarders, recursion and query statements (ignore syntax, pulling partials);

---snip---
forwarders {
    108.162.193.136;
    172.64.33.136;
    108.162.192.142;
    172.64.32.142;
    173.245.58.142;
    208.67.220.220;
    208.67.222.222;
};
allow-recursion {
    172.30.0.0/16;
allow-query {
    172.30.0.0/16;
---end---

What am I missing here (flame away…)?

-W

“I can only explain it to you. I cannot understand it for you.”
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users