Re: Bind9 version 9.17.12 not starting without different DNS server

Mon, 17 May 2021 00:53:30 -0700 

Dominik,

please create issue in our GitLab (https://gitlab.isc.org/) and include
full logs (preferably run named with `-d 99` to get most diagnostic
output).

Thanks,
--
Ondřej Surý (He/Him)
ond...@isc.org

> On 17. 5. 2021, at 9:13, Dominik <dominiks.m...@gmx.net> wrote:
> 
> Hello,
> 
> yesterday I tried version 9.17.12 because of the new TLS features.
> My resolv.conf only contains the local resolver 127.0.0.1 and ::1.
> 
> The problem is that the new Bind9 doesn't start without having an
> alternative resolver in resolv.conf. It looks like something in the
> Bind9 startup process relies on DNS before itself is serving queries.
> 
> The last message in the logfile is:
> 
> named[14264]: managed-keys-zone: Failed to create fetch for DNSKEY update
> 
> After that the Bind9 process is running but doesn't answer queries.
> 
> Thanks for any help.
> 
> --
> Regards
> 
> Dominik
> 
> 
> 
> The named.conf looks like this:
> tls mytls {
>   cert-file "/etc/ssl/example.crt";
>   key-file "/etc/ssl/example.key";
> };
> 
> options {
>   directory "/usr/local/bind9/var/cache";
>   querylog no;
>   auth-nxdomain no;
>   dnssec-validation auto;
>   minimal-responses no-auth-recursive;
>   listen-on port 53 { any; };
>   listen-on-v6 { ::1; };
>   listen-on port 853 tls mytls { any; };
>   allow-transfer { none; };
>   allow-recursion { 127.0.0.1; ::1; };
>   recursion yes;
> };
> 
> logging {
>   category lame-servers { null; };
> };
> 
> // prime the server with knowledge of the root servers
> zone "." {
>   type hint;
>   file "/usr/local/bind9/etc/db.root";
> };
> 
> // be authoritative for the localhost forward and reverse zones, and for
> // broadcast zones as per RFC 1912
> zone "localhost" {
>   type master;
>   file "/usr/local/bind9/etc/db.local";
> };
> 
> zone "127.in-addr.arpa" {
>   type master;
>   file "/usr/local/bind9/etc/db.127";
> };
> 
> zone "0.in-addr.arpa" {
>   type master;
>   file "/usr/local/bind9/etc/db.0";
> };
> 
> zone "255.in-addr.arpa" {
>   type master;
>   file "/usr/local/bind9/etc/db.255";
> };
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to