Re: bind9 and dns forward
Le 19 mai 2023 Bonno Bloksma a écrit :
> Been a few busy week, that is why I only respond now, sory.
Same for me :/
> beheerdertio@linbobo:~$ cat /etc/resolv.conf
> domain bobo.xs4all.nl
> search bobo.xs4all.nl
> search tio.nl
> search staf.tio.nl
> search student.tio.nl
> nameserver 127.0.0.1
> nameserver 8.8.8.8
resolv.conf must have only one search entry. And you don't want to
resolv with google directly. So you should have :
domain bobo.xs4all.nl
search bobo.xs4all.nl tio.nl staf.tio.nl student.tio.nl
nameserver 127.0.0.1
> When booting if the internal bind is not up and running yet some services might need a resolver so I have 8.8.8.8 in there as well as a second dns entry.
Ensure this in services ordering (systemd or initd). It's better and
safer. And I think it's better to get an error than a false result from
bind.
> linbobo:~# dig tio.nl NS
>
> ; <<>> DiG 9.16.37-Debian <<>> tio.nl NS
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34517
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
This is the point : your local dns don't find tio.nl NS and then ask
somewhere else. 8.8.8.8 is in resolv.conf so you search tio.nl directly
on it and it gives you your provider name server.
Retry
dig tio.nl NS
with a clean resolv.conf and also
ss -nap | grep named
Reply to: