
Re: apt temporary failure resolving deb.debian.org



On 4/9/23, Tim Woodall <debianuser@woodall.me.uk> wrote:
> On Sun, 9 Apr 2023, Badli Al Rashid wrote:
>
>> Hi All,
>>
>> Good day everybody. Anyone having temporary failure when running apt update
>> with own bind local resolver? I got a temporary failure resolving
>> deb.debian.org and www.debian.org since last week Thursday. I can resolve
>> other sites like www.kernel.org and others.
>>
>> When I switch to other DNS servers I can resolve www.debian.org.
>>
>> The command dig with +cd option I was able to resolve deb.debian.org and
>> www.debian.org.
>>
>> I am using bullseye bind packages and then upgraded to bind to sury to
>> test. It is still the same.
>>
>
> I've also been having severe problems resolving debian.org domains.
>
> I've now turned off dnssec validation on my bind server.
>
>
> //========================================================================
>          // If BIND logs error messages about the root key being expired,
>          // you will need to update your keys.  See
>          // https://www.isc.org/bind-keys
> //========================================================================
>          dnssec-validation no;

If it was "yes" that might be the problem.

  dnssec-validation auto;
     # If dnssec-validation is set to auto, then a default trust anchor for the DNS root zone will be used.
     # If it is set to yes, however, then at least one trust anchor must be configured with a trusted-keys
     #    or managed-keys statement in named.conf, or DNSSEC validation will not occur.
     # The default setting is yes.

The only DNS issues I've noticed are NTP starting before BIND at boot
time and all the
  N.debian.pool.ntp.org
queries failing until bind is up and running.

Regards
Lee
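
As an added example (not part of the original messages, and not BIND's own tooling): a small Python check that applies the rules quoted in the reply above to a named.conf text. It assumes the input already has includes expanded, for example the output of `named-checkconf -p`, and contains a single `dnssec-validation` statement; the function names and sample configurations are constructed for illustration.

```python
import re

# Statements that configure a trust anchor: trusted-keys and managed-keys are
# named in the thread; trust-anchors is the newer BIND 9 spelling.
ANCHOR_STATEMENTS = ("trust-anchors", "managed-keys", "trusted-keys")

def strip_comments(conf):
    """Drop /* */, // and # comments. Crude on purpose: it may also cut key
    data containing '//', which is harmless since only keywords are matched."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def check_validation(conf):
    """Return (setting, verdict) for a named.conf text with includes expanded."""
    text = strip_comments(conf)
    m = re.search(r"\bdnssec-validation\s+(\w+)\s*;", text)
    setting = m.group(1).lower() if m else "unset"
    has_anchor = any(
        re.search(rf"(?<![\w-]){name}\s*\{{", text) for name in ANCHOR_STATEMENTS
    )
    if setting == "no":
        verdict = "disabled"                      # answers accepted unchecked
    elif setting == "auto":
        verdict = "validating (default root anchor)"
    elif setting == "yes":
        # "yes" only validates when a trust anchor statement is present.
        verdict = "validating (configured anchor)" if has_anchor else "no-anchor"
    elif setting == "unset":
        verdict = "build-default"                 # depends on how BIND was built
    else:
        verdict = "unknown"
    return setting, verdict

# Constructed samples. "thread" mirrors the snippet quoted in the message above;
# the key string in "yes-anchor" is a placeholder, not real key material.
SAMPLES = {
    "thread": "options {\n  // See https://www.isc.org/bind-keys\n"
              "  dnssec-validation no;\n};\n",
    "yes-no-anchor": "options {\n  # dnssec-validation auto;\n"
                     "  dnssec-validation yes;\n};\n",
    "yes-anchor": 'trust-anchors { . initial-key 257 3 8 "PLACEHOLDER//KEY=="; };\n'
                  "options { dnssec-validation yes; };\n",
}

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        print(f"{name}: {check_validation(conf)}")
```
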

