Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

To: Debian Users ML <debian-user@lists.debian.org>
Subject: Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
From: Casey Deccio <casey@deccio.net>
Date: Mon, 13 Mar 2023 08:10:20 -0600
Message-id: <[🔎] 8225C5B2-4945-42E1-B27C-EE59AE6B5D5F@deccio.net>
In-reply-to: <[🔎] NQO_LK7--3-9@tutanota.com>
References: <[🔎] NQO_LK7--3-9@tutanota.com>

On Mar 13, 2023, at 12:08 AM, local10 <local10@tutanota.com> wrote:

I have a local caching DNS server that was working fine for a long time but today, all of a sudden, it stopped resolving queries.

More info: https://pastebin.com/iW5YeXgS

Any ideas? Thanks

Based on what I saw in the logs, your resolver is having trouble reaching the internet. It shows problems with both the priming query (./NS) and the trust query (./DNSKEY). Could you try running the following?

$ dig +norec @198.41.0.4 . NS

$ dig +norec @2001:503:ba3e::2:30 . NS

$ dig +norec @198.41.0.4 . DNSKEY

$ dig +norec @2001:503:ba3e::2:30 . DNSKEY

These manually send the same queries to the internet that your resolver is attempting.

Cheers,

Casey

Reply to:

Follow-Ups:
- Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
  - From: local10 <local10@tutanota.com>

References:
- BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
  - From: local10 <local10@tutanota.com>

Prev by Date: Re: Debian Installer: Specifying the preseed file device?
Next by Date: Debian Server
Previous by thread: Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
Next by thread: Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
Index(es):
- Date
- Thread