Re: bind9 and dns forward

On 19 May 2023, Bonno Bloksma wrote:

> Been a few busy weeks, that is why I only respond now, sorry.

Same for me :/

> beheerdertio@linbobo:~$ cat /etc/resolv.conf
> domain bobo.xs4all.nl
> search bobo.xs4all.nl
> search tio.nl
> search staf.tio.nl
> search student.tio.nl
> nameserver
> nameserver

resolv.conf must have only one search entry. And you don't want to
resolve with Google directly. So you should have:

domain bobo.xs4all.nl
search bobo.xs4all.nl tio.nl staf.tio.nl student.tio.nl

> When booting if the internal bind is not up and running yet some services might need a resolver so I have in there as well as a second dns entry.

Ensure this in services ordering (systemd or initd). It's better and
safer. And I think it's better to get an error than a false result from

> linbobo:~# dig tio.nl NS
> ; <<>> DiG 9.16.37-Debian <<>> tio.nl NS
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34517
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

This is the point: your local DNS doesn't find tio.nl NS and then asks
somewhere else. is in resolv.conf so you search tio.nl directly
on it and it gives you your provider's name server.

 dig tio.nl NS
with a clean resolv.conf and also
 ss -nap | grep named
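
A check for the two resolv.conf problems discussed in this message, as an added example that is not part of the original thread. It assumes glibc's resolver behaviour (the last `domain`/`search` directive replaces earlier ones); `lint_resolv_conf` is a hypothetical helper name and the nameserver addresses in the sample are constructed placeholders, not the ones from the quoted file.

```python
import ipaddress

# Constructed sample modelled on the quoted file. The nameserver addresses
# are placeholders: loopback plus an RFC 5737 documentation address.
SAMPLE = """\
domain bobo.xs4all.nl
search bobo.xs4all.nl
search tio.nl
search staf.tio.nl
search student.tio.nl
nameserver 127.0.0.1
nameserver 192.0.2.53
"""

def lint_resolv_conf(text):
    """Return (effective_search_list, nameservers, warnings)."""
    search, servers, warnings = [], [], []
    search_lines = 0
    for raw in text.splitlines():
        if not raw.strip() or raw[0] in "#;":   # blank line or comment
            continue
        key, *args = raw.split()
        if key == "domain":
            search = args[:1]                   # overridden by a later search
        elif key == "search":
            search_lines += 1
            search = args                       # last directive wins (glibc)
        elif key == "nameserver" and args:
            try:
                servers.append(ipaddress.ip_address(args[0]))
            except ValueError:
                warnings.append(f"invalid nameserver address: {args[0]}")
    if search_lines > 1:
        warnings.append(f"{search_lines} search directives; only the last "
                        f"is used: {' '.join(search)}")
    remote = [str(s) for s in servers if not s.is_loopback]
    if remote and any(s.is_loopback for s in servers):
        # When the local server fails or times out, queries for internal
        # names go to the fallback, which may answer differently.
        warnings.append("fallback resolver(s) besides the local one: "
                        + ", ".join(remote))
    return search, [str(s) for s in servers], warnings

if __name__ == "__main__":
    effective, ns, problems = lint_resolv_conf(SAMPLE)
    print("effective search list:", effective)
    for p in problems:
        print("warning:", p)
```
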

