Can not query localhost

[David Carvalho]

Ok, so apparently everything seems to be running fine.


I am not using dnsssec (dnssec-validation is auto ?!) and "dnssec-enable
yes" was considered obsolete by named-checkconfg, so it is also commented.
I had to comment 

bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";

and everything worked. Still don't understand exactly why, I will continue
to investigate, but any feedback is welcome.
Thanks
Regards
David



-----Original Message-----
From: bind-users <bind-users-bounces at lists.isc.org> On Behalf Of David
Carvalho via bind-users
Sent: 13 January 2023 14:11
To: 'Marco' <mo01 at posteo.de>; bind-users at lists.isc.org
Subject: RE: Can not query localhost

Thanks for the reply.
Yes

ACL active. Exact same configuration as in old server named.conf, with a
different listening IP, of course, which belongs to my LAN ACL.

Performing "dig @localhost any my.domain" works perfectly. If querying just
"dig @localhost" or "dig @my.ip", tcpdump shows it trying to connect to top
level IPs And I keep getting SERVFAIL.


Regards.
David


-----Original Message-----
From: Marco <mo01 at posteo.de>
Sent: 13 January 2023 11:33
To: bind-users at lists.isc.org
Cc: David Carvalho <david at di.ubi.pt>
Subject: Re: Can not query localhost

Am 13.01.2023 schrieb David Carvalho via bind-users
<bind-users at lists.isc.org>:

> I get SERVFAIL when querying outside my domain.

Have you enabled an ACL that allows any IP address to query your public
zones?

You can only restrict recursive requests to your own IP addresses.

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list

ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users