When I attempt “dig -t AXFR office.example.com -k Kexample_dns.+157+18424.key”
on the DNS server (Bind 9.11) sudoed to root I get:
;; Couldn't verify signature: expected a TSIG or SIG(0); Transfer failed.
This is an Ubuntu 18.04 system and /etc/systemd/resolved.conf has DNS=127.0.0.1
since the DNS server is running on it. Systemd-resolved has been restarted
afterward. I've tried using an actual interface address but it doesn't help.
It seems dig tries to use 127.0.0.53 due to its being in /etc/resolv.conf and
that fails even though dig for forward/reverse lookups works.
If I add @127.0.0.1 to the above it works. Is there a way to get this to work
without having to do that and not setting up the entire network configuration
using systemd. I realize it's not a big effort to add @127.0.0.1 but the
reason for the issue is obscure, the error message is misleading and my
distaste for systemd is sufficient enough that I would prefer avoiding it as
much as possible. Thanks for any input.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
