Bind and systemd-resolved

Reindl Harald h.reindl at thelounge.net
Mon May 2 08:13:40 UTC 2022



On 01.05.22 at 23:54, Nick Tait via bind-users wrote:
> On 1/05/2022 9:13 pm, Reindl Harald wrote:
>> On 01.05.22 at 06:38, Nick Tait via bind-users wrote:
>>> I'm not 100% sure, but I wonder if disabling systemd-resolved may 
>>> create issues if, for example, you are using netplan with 
>>> systemd-networkd as the renderer? E.g. Will it still be possible to 
>>> pick up DNS servers from IPv6 router advertisements?
>> pick up some nameservers from wherever is exactly what you *don't 
>> want* in case you have named running on your machine as resolver
>>
>> you want 127.0.0.1 act as your resolver no matter what
> 
> Well, not always... If your local BIND service isn't a recursive 
> resolver

irrelevant in context of this topic and worth exactly the same as saying 
"if you don't use bind at all" and honestly i don't get why you responded 
to that thread nearly a week later at all

below again the thread start and it's irrelevant what can be in some 
completely different context when the problem here is systemd-resolved

-------------------

When I attempt “dig -t AXFR office.example.com -k 
Kexample_dns.+157+18424.key” on the DNS server (Bind 9.11) sudoed to 
root I get:

;; Couldn't verify signature: expected a TSIG or SIG(0)
; Transfer failed.

This is an Ubuntu 18.04 system and /etc/systemd/resolved.conf has 
DNS=127.0.0.1 since the DNS server is running on it.  Systemd-resolved 
has been restarted afterward.  I've tried using an actual interface 
address but it doesn't help.  It seems dig tries to use 127.0.0.53 due 
to its being in /etc/resolv.conf and that fails even though dig for 
forward/reverse lookups works.

If I add @127.0.0.1 to the above it works.  Is there a way to get this 
to work without having to do that and not setting up the entire network 
configuration using systemd.  I realize it's not a big effort to add 
@127.0.0.1 but the reason for the issue is obscure, the error message is 
misleading and my distaste for systemd is sufficient enough that I would 
prefer avoiding it as much as possible.  Thanks for any input.
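
An added example, not part of the original thread: a shell check of which server a bare `dig` would pick from a resolv.conf-format file, and the dig command line to use for the TSIG-signed AXFR quoted above. The function names and the sample file are constructed for illustration, and it assumes named listens on 127.0.0.1 as in the post.

```shell
#!/bin/sh
# Added example: find the server dig would use by default and flag the
# systemd-resolved stub address (127.0.0.53) mentioned in the thread.

# Print the first "nameserver" address in a resolv.conf-format file.
# Comment lines (# or ;) never match because their first field differs.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Classify that address: stub (systemd-resolved), local, remote or none.
classify_resolver() {
    ns=$(first_nameserver "$1")
    case "$ns" in
        127.0.0.53) echo stub ;;
        127.*|::1)  echo local ;;
        "")         echo none ;;
        *)          echo remote ;;
    esac
}

# Print the dig command for a TSIG-signed zone transfer. Unless the default
# server is already a non-stub loopback address, name the local named
# explicitly with @server (assumed to be 127.0.0.1, as in the post).
# Arguments: resolv.conf-file zone keyfile [named-address]
axfr_command() {
    conf=$1; zone=$2; key=$3; named=${4:-127.0.0.1}
    if [ "$(classify_resolver "$conf")" = local ]; then
        echo "dig -t AXFR $zone -k $key"
    else
        echo "dig @$named -t AXFR $zone -k $key"
    fi
}

# Constructed sample: a resolv.conf that points at the stub listener.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from a real host
nameserver 127.0.0.53
options edns0
EOF
echo "default resolver: $(classify_resolver "$sample")"
axfr_command "$sample" office.example.com Kexample_dns.+157+18424.key
rm -f "$sample"
```

On a real host, pass `/etc/resolv.conf` as the first argument instead of the sample file.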

