[dns-operations] which breakage is this? FreeBSD.org / systemd-resolved

Phil Pennock dnsop+phil at spodhuis.org
Fri Oct 30 01:21:56 UTC 2020

On 2020-10-29 at 21:17 +0100, Jeroen Massar wrote:
> I can only first suggest starting to use 'dig', as then it also shows you
> which is the server that is answering you and it is using TCP or not, just
> in case a random one is chosen from some config snippet.

Yes, I used that, the host output was shorter to paste into an email.
systemd-resolved is on as a host-local resolver, so the
details of transport to it are pretty irrelevant: this is systemd
rejecting answers which two other implementations of validating
resolvers, on the local network, accept just fine.

> Note that upstream servers, NAT/firewall/router boxes can interfere with DNS
> and cause weird/unknown results too.

Thank you, but in this case the unbound/knot-resolver servers are the
upstream/forwarding servers, the knot being on the router itself, which
is a quite capable unit, not random cheap home junk.

This is specifically systemd-resolved rejecting entries which other
validating resolvers decide validates.

Works with:
  Unbound: "Version 1.12.0", OpenSSL 1.1.1h
  "Knot Resolver, version 5.1.2"


More information about the dns-operations mailing list