Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

To: debian-user@lists.debian.org
Subject: Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
From: Jeremy Ardley <jeremy@ardley.org>
Date: Tue, 14 Mar 2023 06:23:09 +0800
Message-id: <[🔎] 44493370-d84a-0d12-a3de-4d9b3daa82c0@ardley.org>
In-reply-to: <[🔎] NQS1TeZ--3-9@tutanota.com>
References: <[🔎] NQP2REz--B-9@tutanota.com> <[🔎] 3997a47a-10a5-0335-952b-cf834fae34c3@ardley.org> <[🔎] NQPESYE--3-9@tutanota.com> <[🔎] f881d5b7-6e9c-945d-7d6a-67cb3cfb9663@ardley.org> <[🔎] NQPOtbM--3-9@tutanota.com> <[🔎] E1pbfcm-0001Yt-SJ@enotuniq.net> <[🔎] NQPiwO3--3-9@tutanota.com> <[🔎] E1pbgfW-0001cy-8F@enotuniq.net> <[🔎] NQRXFzq--3-9@tutanota.com> <[🔎] E1pbpge-00029y-S5@enotuniq.net> <[🔎] NQS1TeZ--3-9@tutanota.com>


On 14/3/23 06:14, local10 wrote:


Strangely, the issue resolved itself without me having to do anything. Am really puzzled as to what it was. Perhaps the internet provider suddenly started to block DNS queries but then allowed them again? If so, why did dig's message say that there was "communications error to 127.0.0.1#53: timed out"? It really gives an impression that dig was failing to connect 127.0.0.1 port 53, on which bind was running.

# dig www.yahoo.com <http://www.yahoo.com>
;; communications error to 127.0.0.1#53: timed out
;; communications error to 127.0.0.1#53: timed out
...

Maybe someone will shed some light on this.

Thanks to everyone who responded.

I had a signed DNS error in a similar configuration using a bindauthoritive and caching server. It turned out it was systemd-resolvedinterfering and/or replacing part of the DNS chain

FYI systed-resolved is the inbuilt debian caching DNS server which maybe enabled by default. If you run that you don't need a bind9 cachingname server


What does this report ?

systemctl status systemd-resolved

If  there is anything there at all, check logs. You may find something

--
Jeremy
(Lists)

Reply to:

Follow-Ups:
- Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
  - From: Greg Wooledge <greg@wooledge.org>
- Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
  - From: Jeremy Ardley <jeremy@ardley.org>

References:
- Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
  - From: local10 <local10@tutanota.com>
- Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
  - From: Jeremy Ardley <jeremy@ardley.org>
- Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
  - From: local10 <local10@tutanota.com>
- Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
  - From: Jeremy Ardley <jeremy@ardley.org>
- Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
  - From: local10 <local10@tutanota.com>
- Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
  - From: Reco <recoverym4n@enotuniq.net>
- Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
  - From: local10 <local10@tutanota.com>
- Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
  - From: Reco <recoverym4n@enotuniq.net>
- Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
  - From: local10 <local10@tutanota.com>
- Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
  - From: Reco <recoverym4n@enotuniq.net>
- [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
  - From: local10 <local10@tutanota.com>

Prev by Date: Re: [SOLVED?] BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
Next by Date: Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
Previous by thread: Re: [SOLVED?] BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
Next by thread: Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
Index(es):
- Date
- Thread