On 2020-10-29 at 21:17 +0100, Jeroen Massar wrote:
> I can only first suggest starting to use 'dig', as then it also shows you
> which is the server that is answering you and it is using TCP or not, just
> in case a random one is chosen from some config snippet.

Yes, I used that, the host output was shorter to paste into an email.
systemd-resolved is on 127.0.0.53 as a host-local resolver, so the details of transport to it are pretty irrelevant: this is systemd rejecting answers which two other implementations of validating resolvers, on the local network, accept just fine.

> Note that upstream servers, NAT/firewall/router boxes can interfere with DNS
> and cause weird/unknown results too.

Thank you, but in this case the unbound/knot-resolver servers are the upstream/forwarding servers, the knot being on the router itself, which is a quite capable unit, not random cheap home junk.

This is specifically systemd-resolved rejecting entries which other validating resolvers decide validates.

Works with:
  Unbound: "Version 1.12.0", OpenSSL 1.1.1h
  "Knot Resolver, version 5.1.2"

-Phil
