Bind and systemd-resolved
Reindl Harald
h.reindl at thelounge.net
Mon May 2 08:13:40 UTC 2022
Am 01.05.22 um 23:54 schrieb Nick Tait via bind-users:
> On 1/05/2022 9:13 pm, Reindl Harald wrote:
>> Am 01.05.22 um 06:38 schrieb Nick Tait via bind-users:
>>> I'm not 100% sure, but I wonder if disabling systemd-resolved may
>>> create issues if, for example, you are using netplan with
>>> systemd-networkd as the renderer? E.g. Will it still be possible to
>>> pick up DNS servers from IPv6 router advertisements?
>> pick up some nameservers from wherever is exactly what you *don't
>> want* in case you have named running on your machine as resolver
>>
>> you want 127.0.0.1 act as your resolver no matter what
>
> Well, not always... If your local BIND service isn't a recursive
> resolver
irrelevant in context of this topic and worth exactly the same as saying
"if you don't use bind at all" and honestly i don't get why you responed
to that thread nearly a week later at all
below again the thread start and it's irrelevant what can be in some
completly different context when the problem here is systemd-resolved
-------------------
When I attempt “dig -t AXFR office.example.com -k
Kexample_dns.+157+18424.key” on the DNS server (Bind 9.11) sudoed to
root I get:
;; Couldn't verify signature: expected a TSIG or SIG(0)
; Transfer failed.
This is an Ubuntu 18.04 system and /etc/systemd/resolved.conf has
DNS=127.0.0.1 since the DNS server is running on it. Systemd-resolved
has been restarted afterward. I've tried using an actual interface
address but it doesn't help. It seems dig tries to use 127.0.0.53 due
to its being in /etc/resolv.conf and that fails even though dig for
forward/reverse lookups works.
If I add @127.0.0.1 to the above it works. Is there a way to get this
to work without having to do that and not setting up the entire network
configuration using systemd. I realize it's not a big effort to add
@127.0.0.1 but the reason for the issue is obscure, the error message is
misleading and my distaste for systemd is sufficient enough that I would
prefer avoiding it as much as possible. Thanks for any input.
More information about the bind-users
mailing list