[dns-operations] which breakage is this? FreeBSD.org / systemd-resolved
Phil Pennock
dnsop+phil at spodhuis.org
Fri Oct 30 01:21:56 UTC 2020
On 2020-10-29 at 21:17 +0100, Jeroen Massar wrote:
> I can only first suggest starting to use 'dig', as then it also shows you
> which server is answering you and whether it is using TCP or not, just
> in case a random one is chosen from some config snippet.
Yes, I used that, the host output was shorter to paste into an email.
systemd-resolved is on 127.0.0.53 as a host-local resolver, so the
details of transport to it are pretty irrelevant: this is systemd
rejecting answers which two other implementations of validating
resolvers, on the local network, accept just fine.
> Note that upstream servers, NAT/firewall/router boxes can interfere with DNS
> and cause weird/unknown results too.
Thank you, but in this case the unbound/knot-resolver servers are the
upstream/forwarding servers, the knot being on the router itself, which
is a quite capable unit, not random cheap home junk.
This is specifically systemd-resolved rejecting entries which other
validating resolvers decide validate.
Works with:
Unbound: "Version 1.12.0", OpenSSL 1.1.1h
"Knot Resolver, version 5.1.2"
-Phil