On Sun, Aug 31, 2014 at 11:35:40AM +0200, Patrick Ben Koetter wrote:
> ; <<>> DiG 9.9.5-3-Ubuntu <<>> SOA +dnssec sys4.de
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61650
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 3
>
>                    ^^
>
> If you don't see it, your resolver cannot authenticate DNSSEC-enabled domains.
> Then you need to change that.

I think I found the issue: LXC has started its own DNS server, and my LXC guest is not using my bind9 server, but the one provided by LXC:

lxc-dns+ 1848 1 0 Aug22 ? 00:09:45 dnsmasq -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=/run/lxc/dnsmasq.pid --conf-file= --listen-address 10.0.3.1 --dhcp-range 10.0.3.100,10.0.3.254 --dhcp-lease-max=253 --dhcp-no-override --except-interface=lo --interface=lxcbr0 --dhcp-leasefile=/var/lib/misc/dnsmasq.lxcbr0.leases --dhcp-authoritative

I will check how to change the configuration of the LXC DNS server so that it also resolves DNSSEC, or I will update my /etc/resolve.conf file on the LXC guest system to ask my bind server directly.

Thanks very much for your help.

-- 
Best regards,
Peter Bauer
Linux & UNIX developer
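
Added example, not part of the original thread: a shell check for the situation discussed above, which queries each nameserver listed in a resolv.conf-style file with dig +dnssec and reports whether the ad flag comes back in the header. The function names and the sample header are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Print the nameserver addresses listed in a resolv.conf-style file.
nameservers_from() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Read dig output on stdin. Succeed only if the header status is NOERROR
# and the flags list contains "ad" (Authenticated Data) as a whole word.
ad_flag_set() {
    awk '
        /^;; ->>HEADER<<-/ { if ($0 ~ /status: NOERROR/) ok = 1 }
        /^;; flags:/ {
            sub(/^;; flags:/, ""); sub(/;.*/, "")
            n = split($0, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ad") ad = 1
        }
        END { exit !(ok && ad) }
    '
}

# Query every nameserver from the given file for the SOA of a signed domain.
check_resolvers() {
    conf=$1
    domain=$2
    for ns in $(nameservers_from "$conf"); do
        if dig +dnssec SOA "$domain" "@$ns" | ad_flag_set; then
            echo "$ns: ad flag set"
        else
            echo "$ns: ad flag missing"
        fi
    done
}

# Constructed sample: a header without the ad flag, as a resolver that
# does not validate would return it.
sample_no_ad() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242' \
        ';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
}

# Usage inside a guest: check_resolvers /etc/resolv.conf sys4.de
```

Run it inside the guest as well as on the host, since the two may be pointed at different resolvers.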