Bind and systemd-resolved

Reindl Harald h.reindl at thelounge.net
Mon Apr 18 05:41:53 UTC 2022



Am 18.04.22 um 07:26 schrieb Leroy Tennison via bind-users:
> When I attempt “dig -t AXFR office.example.com -k 
> Kexample_dns.+157+18424.key” on the DNS server (Bind 9.11) sudoed to 
> root I get:
> 
> ;; Couldn't verify signature: expected a TSIG or SIG(0)
> ; Transfer failed.
> 
> This is an Ubuntu 18.04 system and /etc/systemd/resolved.conf has 
> DNS=127.0.0.1 since the DNS server is running on it.  Systemd-resolved 
> has been restarted afterward.  I've tried using an actual interface 
> address but it doesn't help.  It seems dig tries to use 127.0.0.53 due 
> to its being in /etc/resolv.conf and that fails even though dig for 
> forward/reverse lookups works.
> 
> If I add @127.0.0.1 to the above it works.  Is there a way to get this 
> to work without having to do that and not setting up the entire network 
> configuration using systemd.  I realize it's not a big effort to add 
> @127.0.0.1 but the reason for the issue is obscure, the error message is 
> misleading and my distaste for systemd is sufficient enough that I would 
> prefer avoiding it as much as possible.  Thanks for any input

so why don't you just disable systemd-resolved?

i run Fedora everywhere in production and on workstations, have masked 
it and after "chattr +i /etc/resolv.conf" nothing messes up resolv.conf 
(even without resolvd existing it would have the immutable flag to 
prevent the dhcp client for the WAN interface assign the broken ISP 
resolvers)

[root at srv-rhsoft:~]$ systemctl status systemd-resolved.service
○ systemd-resolved.service
      Loaded: masked (Reason: Unit systemd-resolved.service is masked.)
      Active: inactive (dead)
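
The following check is an added example, not part of the original thread. It reports which server dig queries when no @server is given, that is, the first nameserver line of resolv.conf, and labels 127.0.0.53 as the systemd-resolved stub, the case reported above. The function names and the --demo flag are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original thread).
# dig without an @server argument queries the nameserver entries of
# /etc/resolv.conf. 127.0.0.53 is the systemd-resolved stub listener,
# the address the failing TSIG-signed AXFR in the thread was sent to.

# Print the nameserver addresses of a resolv.conf file, in file order.
# Comment lines and other directives (search, options) are ignored.
resolv_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Classify the first nameserver: stub | local | remote | none
resolv_default_target() {
    first=$(resolv_nameservers "$1" | head -n 1)
    case "$first" in
        "")            echo none ;;    # no nameserver line at all
        127.0.0.53)    echo stub ;;    # systemd-resolved stub
        127.0.0.1|::1) echo local ;;   # e.g. BIND on this host
        *)             echo remote ;;
    esac
}

# Optional demo: run the script with --demo.
if [ "${1:-}" = "--demo" ]; then
    sample=$(mktemp)
    # Constructed sample resembling a stub resolv.conf.
    printf 'nameserver 127.0.0.53\noptions edns0\n' > "$sample"
    echo "constructed sample: $(resolv_default_target "$sample")"
    rm -f "$sample"
    if [ -r /etc/resolv.conf ]; then
        echo "/etc/resolv.conf: $(resolv_default_target /etc/resolv.conf)"
    fi
fi
```

A result of "stub" means a signed zone transfer needs an explicit @127.0.0.1, or a resolv.conf that names the local server directly.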


