On Thu, 2017-09-21 at 11:58 +0100, Martin Gregorie wrote:
> On Wed, 2017-09-20 at 19:39 -0500, Chris wrote:
> >
> > It was installed by default when upgrading from 14.04LTS to
> > 16.04LTS
> >
> Then it may be best to just leave it there.
>
> > I have stopped Network Manager. I've not disabled or removed it yet
> > as I'm watching to see how named does the queries now.
> >
> I didn't suggest removing it - just following the advice from others
> to change its configuration so it doesn't try to start dnsmasq or bind:
> leave starting the daemons that should always be running to systemd.

My mistake, I must have read somewhere yesterday about disabling or
removing it.

> Your named configuration looks fine to me. About the only extra items
> you might want in options are:
>
>   dnssec-enable yes;
>   dnssec-validation auto;
>   dnssec-lookaside auto;
>
> In the ISC[*] website it says:
> - If you put “dnssec-validation auto” in named.conf, named will read
>   the root key from bind.keys the first time it executes.
> - If you put “dnssec-lookaside auto” in named.conf, named will read
>   the DLV key from bind.keys the first time it executes.
> - If you don’t have anything in named.conf and there is no bind.keys
>   file, named will use the compiled in keys.
>
> so having these set as ISC suggests should mean that bind will
> automatically pick up changes to bind keys. They don't change very
> often but there are changes from time to time.
>
> [*] Internet Systems Consortium: https://www.isc.org/ - a non-profit
> that supports the Internet infrastructure. It is the source for
> downloading Root Trust Anchors, aka bind-keys.
>
Thanks for the above Martin. I'm still waiting for a query to isipp to
happen since I stopped network manager. Seems like when you're waiting
for something it never happens.

> Martin
>
Chris

--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
08:35:00 up 1 day, 11:47, 1 user, load average: 1.05, 0.42, 0.33
Description: Ubuntu 16.04.3 LTS, kernel 4.10.0-35-generic