
Re: systemd-resolved resolving fails sometimes on Debian12




On 3/3/24 12:43, Victor Sudakov wrote:
> Not that I would use bind9 as a caching resolver but still, how
> do you pass the dynamically obtained AWS DNS server address from
> systemd-networkd to bind9?


The AWS DNS resolver IPs are static and are widely published.

It is permissible to not use AWS resolvers for upstream.

If you want to use AWS resolvers you may run into the problem that some RBL services reject queries from 'well known' free DNS servers; that may include AWS resolver addresses.

systemd-networkd without systemd-resolved maintains a list of DNS servers in /etc/resolv.conf that can be used by local services.

You can override dynamic setting of the DNS resolvers in the systemd-networkd configuration to use a local caching resolver such as bind9, usually listening at 127.0.0.1:53.

You can then configure bind9 as a caching-only DNS resolver and set appropriate upstream (forwarder) sites, or none at all, defaulting to the root servers.
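
The setup described in this message, as an added example that is not part of the original post: a shell function that stages a systemd-networkd `.network` file ignoring DHCP-supplied DNS servers and a bind9 options file for a loopback-only caching resolver. The interface name `ens5`, the file names and the forwarder address the caller passes in are assumptions.

```shell
#!/bin/sh
# Added example: writes both files into a scratch directory for review.
# Assumptions (not from the original message): interface name ens5,
# the file names, and the forwarder address supplied by the caller.

stage_resolver_config() {
    dir=$1            # staging directory, e.g. ./staging
    forwarder=${2:-}  # optional upstream resolver IP; empty = use the root servers
    mkdir -p "$dir/systemd/network" "$dir/bind" || return 1

    # systemd-networkd: ignore DNS servers offered by DHCP, point at 127.0.0.1.
    cat > "$dir/systemd/network/10-ens5.network" <<'EOF'
[Match]
Name=ens5

[Network]
DHCP=yes
DNS=127.0.0.1

[DHCPv4]
UseDNS=false
EOF

    # bind9: caching-only, bound to loopback, recursion limited to this host
    # so the resolver is never reachable as an open resolver.
    if [ -n "$forwarder" ]; then
        fwd="    forwarders { $forwarder; };"
    else
        fwd="    // no forwarders: resolve from the root servers"
    fi
    cat > "$dir/bind/named.conf.options" <<EOF
options {
    directory "/var/cache/bind";
    listen-on { 127.0.0.1; };
    listen-on-v6 { none; };
    recursion yes;
    allow-recursion { localhost; };
    dnssec-validation auto;
$fwd
};
EOF
}

# Stand-alone use: sh stage.sh ./staging [forwarder-ip]
if [ -n "${1:-}" ]; then stage_resolver_config "$@"; fi
```

Check the staged bind9 file with `named-checkconf` before copying it into `/etc/bind`.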

