Hi Tony,

Thanks for that.

But I'm curious, do you know whether BIND fails over to TCP if UDP times out during DNSKEY fetching?

Thanks

On Tue, Feb 25, 2020 at 12:47 AM Tony Finch <d...@dotat.at> wrote:

> Branko Mijuskovic <branko.mijuskovic.h...@gmail.com> wrote:
> >
> > We have an authoritative DNS hidden master (bind-9.11.4-9) running behind
> > the network where outgoing UDP traffic to unlisted IPs is blocked.
> >
> > We are using DNSSEC and I've noticed that we are getting the following errors
> > in the bind9 logfile: 'managed-keys-zone/default: Unable to fetch DNSKEY
> > set '.': timed out'
>
> I have configured my hidden primary with a `forwarders` clause pointing at
> my recursive servers, which should stop it from trying to talk to the
> outside world.
>
> Tony.
> --
> f.anthony.n.finch <d...@dotat.at> http://dotat.at/
> Irish Sea: Westerly 5 to 7, occasionally gale 8 later in south. Moderate,
> becoming rough or very rough in south. Wintry showers. Good, occasionally
> poor.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users