Ok, so apparently everything seems to be running fine.
I am not using dnsssec (dnssec-validation is auto ?!) and "dnssec-enable yes" was considered obsolete by named-checkconfg, so it is also commented. I had to comment bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; and everything worked. Still don't understand exactly why, I will continue to investigate, but any feedback is welcome. Thanks Regards David -----Original Message----- From: bind-users <bind-users-boun...@lists.isc.org> On Behalf Of David Carvalho via bind-users Sent: 13 January 2023 14:11 To: 'Marco' <m...@posteo.de>; bind-users@lists.isc.org Subject: RE: Can not query localhost Thanks for the reply. Yes ACL active. Exact same configuration as in old server named.conf, with a different listening IP, of course, which belongs to my LAN ACL. Performing "dig @localhost any my.domain" works perfectly. If querying just "dig @localhost" or "dig @my.ip", tcpdump shows it trying to connect to top level IPs And I keep getting SERVFAIL. Regards. David -----Original Message----- From: Marco <m...@posteo.de> Sent: 13 January 2023 11:33 To: bind-users@lists.isc.org Cc: David Carvalho <da...@di.ubi.pt> Subject: Re: Can not query localhost Am 13.01.2023 schrieb David Carvalho via bind-users <bind-users@lists.isc.org>: > I get SERVFAIL when querying outside my domain. Have you enabled an ACL that allows any IP address to query your public zones? You can only restrict recursive requests to your own IP addresses. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
