On Wed, 2017-09-20 at 19:39 -0500, Chris wrote: > It was installed by default when upgrading from 14.04LTS to 16.04LTS > Then it may be best to just leave it there.
> I have stopped Network Manager. I've not disabled or removed it yet > as I'm watching to see how named does the queries now. > I didn't suggest removing it - just following the advice from others to change its configuration so it doesn't try to start dnsmasq or bind: leave starting the daemons that should always be running to systemd. Your named configuration looks fine to me. About the only extra items you might want in options are: dnssec-enable yes; dnssec-validation auto; dnssec-lookaside auto; In the ISC[*] website it says: - If you put “dnssec-validation auto” in named.conf, named will read the root key from bind.keys the first time it executes. - If you put “dnssec-lookaside auto” in named.conf, named will read the DLV key from bind.keys the first time it executes. - If you don’t have anything in named.conf and there is no bind.keys file, named will use the compiled in keys. so having these set as ISC suggests should mean that bind will automatically pick up changes to bind keys. They don't change very often but there are changes from time to time. [*] Internet Systems Consortium: https://www.isc.org/ - a non-profit that supports the Internet infrastructure. It is the source for downloading Root Trust Anchors, aka bind-keys. Martin