On 3/3/24 12:43, Victor Sudakov wrote:
> Not that I would use bind9 as a caching resolver but still, how
> do you pass the dynamically obtained AWS DNS server address from
> systemd-networkd to bind9?
The AWS DNS resolver IPs are static and are widely published.
It is permissible to not use AWS resolvers for upstream.
If you want to use AWS resolvers you may run into the problem that some
RBL services reject queries from 'well known' free DNS servers; that may
include AWS resolver addresses.
systemd-networkd without systemd-resolved maintains a list of DNS
servers in /etc/resolv.conf that can be used by local services.
You can override dynamic setting of the DNS resolvers in the
systemd-networkd configuration to use a local caching resolver such as
bind9, usually listening at 127.0.0.1:53.
You can then configure bind9 as a caching-only DNS resolver and set
appropriate upstream (forwarder) sites, or none at all, defaulting to the
root servers.
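The setup described in this reply, as an added example that is not part of the thread: a systemd-networkd drop-in that ignores DHCP/RA-supplied resolvers and points at 127.0.0.1, a caching-only named.conf.options with no forwarders, and a resolv.conf entry for local services. It assumes the interface's unit is eth0.network, bind9 reads /etc/bind/named.conf.options, and /etc/resolv.conf is a static file; ROOT is an assumed staging variable.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the interface's networkd unit is
# /etc/systemd/network/eth0.network, bind9 reads /etc/bind/named.conf.options and
# /etc/resolv.conf is a static file. ROOT stages the files elsewhere for review.
set -eu

write_local_dns_config() {
    root="$1"
    mkdir -p "$root/etc/systemd/network/eth0.network.d" "$root/etc/bind"
    # Drop-in: ignore DHCP/RA-supplied resolvers, use the local resolver instead.
    cat > "$root/etc/systemd/network/eth0.network.d/10-local-dns.conf" <<'EOF'
[Network]
DNS=127.0.0.1
[DHCPv4]
UseDNS=false
[DHCPv6]
UseDNS=false
[IPv6AcceptRA]
UseDNS=false
EOF
    # bind9 as a caching-only resolver: localhost clients only, no zones,
    # empty forwarders = resolve iteratively from the root servers.
    cat > "$root/etc/bind/named.conf.options" <<'EOF'
options {
    directory "/var/cache/bind";
    listen-on { 127.0.0.1; };
    listen-on-v6 { ::1; };
    recursion yes;
    allow-query { localhost; };
    allow-recursion { localhost; };
    dnssec-validation auto;
    forwarders { };   // list upstream resolver IPs here to forward instead
};
EOF
    # Point local services at the caching resolver.
    printf 'nameserver 127.0.0.1\n' > "$root/etc/resolv.conf"
}

# Returns 0 when every file carries the settings that matter.
verify_local_dns_config() {
    d="$1/etc/systemd/network/eth0.network.d/10-local-dns.conf"
    grep -q '^UseDNS=false' "$d" && grep -q '^DNS=127.0.0.1' "$d" &&
    grep -q 'allow-query { localhost; };' "$1/etc/bind/named.conf.options" &&
    grep -q '^nameserver 127.0.0.1' "$1/etc/resolv.conf"
}

# Stage into a scratch dir; on the real host use ROOT=/ then `networkctl reload`
# and `named-checkconf && rndc reload`.
ROOT="${ROOT:-$(mktemp -d)}"
write_local_dns_config "$ROOT" && verify_local_dns_config "$ROOT"
```

Run with ROOT unset to inspect the generated files before applying them to a live host.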