Thanks, had looked at 'man dig' but had assumed (oops) that only the items
listed under the various OPTIONS headings were available in .digrc. Glad to
learn that @<server> can also be used (confirmed with testing).
-----Original Message-----
From: Ondřej Surý <ond...@isc.org>
To: Leroy Tennison <leroy.tenni...@verizon.net>
Cc: bind-users@lists.isc.org
Sent: Mon, Apr 18, 2022 1:14 am
Subject: Re: Bind and systemd-resolved
Leroy,
here `man dig` is your friend:
Unless it is told to query a specific name server, dig will try each of the
servers listed in /etc/resolv.conf.When no command line arguments or options
are given, dig will perform an NS query for "." (the root).It is possible to
set per-user defaults for dig via ${HOME}/.digrc. This file is read and any
options in it are applied before the command line arguments.Ondřej --Ondřej
Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
On 18. 4. 2022, at 7:27, Leroy Tennison via bind-users
<bind-users@lists.isc.org> wrote:
When I attempt “dig -t AXFR office.example.com -k Kexample_dns.+157+18424.key”
on the DNS server (Bind 9.11) sudoed to root I get:
;; Couldn't verify signature: expected a TSIG or SIG(0); Transfer failed.
This is an Ubuntu 18.04 system and /etc/systemd/resolved.conf has DNS=127.0.0.1
since the DNS server is running on it. Systemd-resolved has been restarted
afterward. I've tried using an actual interface address but it doesn't help.
It seems dig tries to use 127.0.0.53 due to its being in /etc/resolv.conf and
that fails even though dig for forward/reverse lookups works.
If I add @127.0.0.1 to the above it works. Is there a way to get this to work
without having to do that and not setting up the entire network configuration
using systemd. I realize it's not a big effort to add @127.0.0.1 but the
reason for the issue is obscure, the error message is misleading and my
distaste for systemd is sufficient enough that I would prefer avoiding it as
much as possible. Thanks for any input.--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
