Bind and systemd-resolved
Leroy Tennison
leroy.tennison at verizon.net
Tue Apr 19 02:44:30 UTC 2022
Good points, thanks.
-----Original Message-----
From: Reindl Harald <h.reindl at thelounge.net>
To: bind-users at lists.isc.org
Sent: Mon, Apr 18, 2022 12:41 am
Subject: Re: Bind and systemd-resolved
Am 18.04.22 um 07:26 schrieb Leroy Tennison via bind-users:
> When I attempt “dig -t AXFR office.example.com -k
> Kexample_dns.+157+18424.key” on the DNS server (Bind 9.11) sudoed to
> root I get:
>
> ;; Couldn't verify signature: expected a TSIG or SIG(0)
> ; Transfer failed.
>
> This is an Ubuntu 18.04 system and /etc/systemd/resolved.conf has
> DNS=127.0.0.1 since the DNS server is running on it. Systemd-resolved
> has been restarted afterward. I've tried using an actual interface
> address but it doesn't help. It seems dig tries to use 127.0.0.53 due
> to its being in /etc/resolv.conf and that fails even though dig for
> forward/reverse lookups works.
>
> If I add @127.0.0.1 to the above it works. Is there a way to get this
> to work without having to do that and not setting up the entire network
> configuration using systemd. I realize it's not a big effort to add
> @127.0.0.1 but the reason for the issue is obscure, the error message is
> misleading and my distaste for systemd is sufficient enough that I would
> prefer avoiding it as much as possible. Thanks for any input
so why don't you just disable systemd-resolved?
i run Fedora everywhere in production and on workstations, have masked
it and after "chattr +i /etc/resolv.conf" nothing messes up resolv.conf
(even without resolvd existing it would have the immutable flag to
prevent the dhcp client for the WAN interface assign the broken ISP
resolvers)
[root@srv-rhsoft:~]$ systemctl status systemd-resolved.service
○ systemd-resolved.service
     Loaded: masked (Reason: Unit systemd-resolved.service is masked.)
     Active: inactive (dead)
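
The default-server behaviour discussed in this thread, as an added example that is not part of either poster's message: dig with no @server argument queries the nameservers in /etc/resolv.conf, so this sketch checks whether the first one is the systemd-resolved stub (127.0.0.53) and, if so, adds an explicit @server to the signed AXFR command. The function names are hypothetical, and 127.0.0.1 as the address named listens on is an assumption taken from the original post.

```shell
#!/bin/sh
# Added example: pick the server for a TSIG-signed AXFR so the request
# goes to named itself rather than to the systemd-resolved stub.

STUB_ADDR="127.0.0.53"   # systemd-resolved stub listener
AUTH_ADDR="127.0.0.1"    # assumption: named listens here, as in the post

# Print the first "nameserver" address in a resolv.conf-style file.
# Commented-out entries are ignored; fails if the file is unreadable
# or has no nameserver line.
first_nameserver() {
    [ -r "$1" ] || return 1
    awk '$1 == "nameserver" { print $2; found = 1; exit }
         END { exit !found }' "$1"
}

# Print the @server argument dig needs, or nothing when the first
# nameserver is not the stub. Only the stub case is detected: any other
# address is left for dig to use as-is.
axfr_server_arg() {
    ns=$(first_nameserver "${1:-/etc/resolv.conf}") || {
        # No usable entry: name the local server explicitly.
        echo "@$AUTH_ADDR"
        return 0
    }
    if [ "$ns" = "$STUB_ADDR" ]; then
        echo "@$AUTH_ADDR"
    fi
}

# Build (but do not run) the transfer command from the post.
axfr_command() {
    arg=$(axfr_server_arg "$1")
    echo "dig -t AXFR office.example.com -k Kexample_dns.+157+18424.key${arg:+ $arg}"
}

# Show the command for this host's resolver configuration.
axfr_command /etc/resolv.conf
```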