jeremy ardley wrote:
>
> On 3/3/24 12:43, Victor Sudakov wrote:
> > Not that I would use bind9 as a caching resolver but still, how
> > do you pass the dynamically obtained AWS DNS server address from
> > systemd-networkd to bind9 ?
>
> The AWS DNS resolver IPs are static and are widely published.

Do you mean 169.254.169.253?

> It is permissible to not use AWS resolvers for upstream.
>
> If you want to use AWS resolvers you may run into the problem that some RBL
> services reject queries from 'well known' free DNS servers; that may include
> AWS resolver addresses.
>
> systemd-networkd without systemd-resolved maintains a list of DNS servers in
> /etc/resolv.conf that can be used by local services.

Do you just disable the systemd-resolved service or do you remove the
systemd-resolved package completely? If you disable it, you are also supposed
to remove the "resolve" service from nsswitch.conf, right?

> You can override dynamic setting of the dns resolvers in the
> systemd-networkd configuration to use a local caching resolver such as
> bind9, usually listening at 127.0.0.1:53

What would this be for? Sorry, I did not understand this step.

> You can then configure bind 9 as a caching only DNS resolver and set
> appropriate upstream (forwarder) sites, or none at all defaulting to the
> root servers.

Thank you for the ideas, I may use them but first I would like to do
something about the obvious bug in systemd-resolved.

-- 
Victor Sudakov VAS4-RIPE
http://vas.tomsk.ru/
2:5005/49@fidonet
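As an added illustration of the override step discussed above (not code from either poster), a POSIX shell helper that writes a systemd-networkd drop-in telling DHCP to stop installing the learned resolvers and pointing the host at a local bind9 on 127.0.0.1, plus a caching-only named.conf.options that forwards to the AWS resolver and answers only localhost. The drop-in directory name 10-aws.network.d, the ROOT staging variable and the helper names are assumptions; the 169.254.169.253 address is the one quoted in the thread.

```shell
#!/bin/sh
# Hypothetical helper (assumed names). ROOT lets the files be staged in a
# scratch directory for review instead of written straight under /.
ROOT="${ROOT:-}"
UPSTREAM="${UPSTREAM:-169.254.169.253}"   # AWS VPC resolver from the thread

write_networkd_dropin() {
    # Drop-in for the .network file that matches the interface (name assumed).
    # DNS= in a drop-in appends to the unit's list; UseDNS=no stops DHCP from
    # adding the lease-supplied resolvers, so only 127.0.0.1 remains.
    dir="$ROOT/etc/systemd/network/10-aws.network.d"
    mkdir -p "$dir"
    cat > "$dir/local-dns.conf" <<EOF
[Network]
DNS=127.0.0.1
[DHCPv4]
UseDNS=no
[DHCPv6]
UseDNS=no
EOF
    printf '%s\n' "$dir/local-dns.conf"
}

write_named_options() {
    # Caching-only resolver: listens on loopback only, refuses queries from
    # anywhere but localhost, and forwards everything to the chosen upstream.
    dir="$ROOT/etc/bind"
    mkdir -p "$dir"
    cat > "$dir/named.conf.options" <<EOF
options {
    directory "/var/cache/bind";
    recursion yes;
    listen-on { 127.0.0.1; };
    listen-on-v6 { ::1; };
    allow-query { localhost; };
    forwarders { $UPSTREAM; };
    forward only;
    dnssec-validation auto;
};
EOF
    printf '%s\n' "$dir/named.conf.options"
}

# Sanity check on a generated drop-in: DHCP DNS disabled and loopback set.
check_dropin() {
    grep -q '^UseDNS=no$' "$1" && grep -q '^DNS=127.0.0.1$' "$1"
}
```

After `systemctl restart systemd-networkd` the lease-supplied resolvers should no longer appear in `networkctl status`, and `dig @127.0.0.1` should answer from bind9 while a query from another host is refused.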