Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-14 Thread Greg Wooledge
On Tue, Mar 14, 2023 at 08:05:55PM +, Darac Marjal wrote: > On 13/03/2023 23:23, Greg Wooledge wrote: > > I have not to this day figured out what "vendor preset" means here. > It would appear to be > https://www.freedesktop.org/software/systemd/man/systemd.preset.html. If I'm > reading the intr

Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-14 Thread Darac Marjal
On 13/03/2023 23:23, Greg Wooledge wrote: On Tue, Mar 14, 2023 at 07:04:02AM +0800, Jeremy Ardley wrote: I replicated your test above and it seems your listing has been accidentally truncated... Pipe it through cat to avoid the "left/right scrolling" crap. If you want to do this regularly, yo

Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread local10
Mar 13, 2023, 23:33 by jer...@ardley.org: > You may be happy to learn you can't even install it as a separate package any > more. > > apt  install --reinstall systemd-resolved > Reading package lists... Done > Building dependency tree... Done > Reading state information... Done > Package systemd-

Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Greg Wooledge
On Tue, Mar 14, 2023 at 07:33:00AM +0800, Jeremy Ardley wrote: > So the mystery is how it gets onto a system using a standard install and > which package it comes from now and what is done with any presets unicorn:~$ dpkg -S systemd-resolved systemd: /usr/share/man/man8/systemd-resolved.8.gz syste

Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Jeremy Ardley
On 14/3/23 07:23, Greg Wooledge wrote: I have not to this day figured out what "vendor preset" means here. Mine shows the same as yours -- "disabled; vendor preset: enabled". All I care about is the part that says "disabled". That's the actual state. You may be happy to learn you can't ev

Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Greg Wooledge
On Tue, Mar 14, 2023 at 07:04:02AM +0800, Jeremy Ardley wrote: > I replicated your test above and it seems your listing has been accidentally > truncated... Pipe it through cat to avoid the "left/right scrolling" crap. > jeremy@testldap:~$ systemctl status systemd-resolved > ● systemd-resolved.se

Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Jeremy Ardley
On 14/3/23 06:34, Greg Wooledge wrote: On Tue, Mar 14, 2023 at 06:23:09AM +0800, Jeremy Ardley wrote: FYI systemd-resolved is the inbuilt debian caching DNS server which may be enabled by default. It is NOT enabled by default. unicorn:~$ systemctl status systemd-resolved ● systemd-resolved.se

Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Jeremy Ardley
On 14/3/23 06:34, Greg Wooledge wrote: On Tue, Mar 14, 2023 at 06:23:09AM +0800, Jeremy Ardley wrote: FYI systemd-resolved is the inbuilt debian caching DNS server which may be enabled by default. It is NOT enabled by default. It is if you are using NetworkManager -- Jeremy (Lists)

Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Jeremy Ardley
On 14/3/23 06:23, Jeremy Ardley wrote: I had a signed DNS error in a similar configuration using a bind authoritative and caching server. It turned out it was systemd-resolved interfering and/or replacing part of the DNS chain FYI systemd-resolved is the inbuilt debian caching DNS server which

Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Greg Wooledge
On Tue, Mar 14, 2023 at 06:23:09AM +0800, Jeremy Ardley wrote: > FYI systemd-resolved is the inbuilt debian caching DNS server which may be > enabled by default. It is NOT enabled by default. unicorn:~$ systemctl status systemd-resolved ● systemd-resolved.service - Network Name Resolution Loa

Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Greg Wooledge
On Mon, Mar 13, 2023 at 11:14:20PM +0100, local10 wrote: > Strangely, the issue resolved itself without me having to do anything. Am > really puzzled as to what it was. Perhaps the internet provider suddenly > started to block DNS queries but then allowed them again? If so, why did > dig's messa

Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Jeremy Ardley
On 14/3/23 06:14, local10 wrote: Strangely, the issue resolved itself without me having to do anything. Am really puzzled as to what it was. Perhaps the internet provider suddenly started to block DNS queries but then allowed them again? If so, why did dig's message say that there was "comm

Re: [SOLVED?] BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Casey Deccio
> On Mar 13, 2023, at 4:14 PM, local10 wrote: > > Mar 13, 2023, 21:42 by recovery...@enotuniq.net: > >> Well, it was worth to check it. >> >> >> Next idea is somewhat more complicated. >> >> Install tcpdump. >> Run: >> tcpdump -pni any -s0 -w /tmp/dns.pcap -c 30 udp port 53 or tcp port 53 >

[SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread local10
Mar 13, 2023, 21:42 by recovery...@enotuniq.net: > Well, it was worth to check it. > > > Next idea is somewhat more complicated. > > Install tcpdump. > Run: > tcpdump -pni any -s0 -w /tmp/dns.pcap -c 30 udp port 53 or tcp port 53 > Bounce BIND, wait for a minute at least. > Do some DNS queries. On

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Reco
Hi. On Mon, Mar 13, 2023 at 08:53:35PM +0100, local10 wrote: > Mar 13, 2023, 12:06 by recovery...@enotuniq.net: > > > Looks correct, assuming that the contents of the key start with AwEAAaz > > and end with V74bU=. > > > > > > Look at /usr/share/dns/root.key. Compare its contents wit

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread local10
Mar 13, 2023, 11:50 by mv...@free.fr: > Did you check memory and disk space as suggested by jeremy ? > There's plenty of free RAM (4GB) and disk space (hundreds of GBs). Regards,

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread local10
Mar 13, 2023, 14:11 by ca...@deccio.net: > Based on what I saw in the logs, your resolver is having trouble reaching the > internet.  It shows problems with both the priming query (./NS) and the trust > query (./DNSKEY).  Could you try running the following? > > $ dig +norec @198.41.0.4 . NS > $

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread local10
Mar 13, 2023, 12:06 by recovery...@enotuniq.net: > Looks correct, assuming that the contents of the key start with AwEAAaz > and end with V74bU=. > > > Look at /usr/share/dns/root.key. Compare its contents with > /etc/bind/bind.keys. Replace the latter if needed. > > "dpkg-reconfigure -plow b

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Casey Deccio
> On Mar 13, 2023, at 12:08 AM, local10 wrote: > > I have a local caching DNS server that was working fine for a long time but > today, all of a sudden, it stopped resolving queries. > > More info: https://pastebin.com/iW5YeXgS > > Any ideas? Thanks Based on what I saw in the logs, your res

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Reco
On Mon, Mar 13, 2023 at 12:29:44PM +0100, local10 wrote: > Mar 13, 2023, 10:57 by recovery...@enotuniq.net: > > > And now to the serious stuff. > > > > First things first, the log. > > > > Mar 13 05:03:18 tst named[52836]: 13-Mar-2023 05:03:18.963 queries: info: > > client @0x7f7812816d68 127.0.0

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Michel Verdier
On 13 March 2023, local wrote: > Sure, I could have used some public DNS server and I may have to do that if I > can't get this issue resolved. Still, I'd like to understand why BIND > suddenly stopped working[1] for me and how to fix it. > > Regards, > > 1. It was working fine yesterday and I

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread local10
Mar 13, 2023, 11:24 by g...@wooledge.org: > For the record: > > unicorn:~$ sudo ss -ntlp | grep :53 > [sudo] password for greg: > LISTEN 0 20 0.0.0.0:53 0.0.0.0:* > users:(("dnscache",pid=664,fd=4)) > > In general, ss replaces netstat for this kind of query. I don't kn

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread local10
Mar 13, 2023, 10:57 by recovery...@enotuniq.net: > And now to the serious stuff. > > First things first, the log. > > Mar 13 05:03:18 tst named[52836]: 13-Mar-2023 05:03:18.963 queries: info: > client @0x7f7812816d68 127.0.0.1#38800 (www.yahoo.com > ): query: > www.yahoo.co

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Greg Wooledge
On Mon, Mar 13, 2023 at 09:19:41AM +0100, local10 wrote: > Mar 13, 2023, 07:25 by jer...@ardley.org: > > > Try > > > > netstat -tulpnW | grep 53 > > > > and see what's listening > > > > Bind seems to be listening on 127.0.0.1 port 53. > > I don't have netstat installed and can't easily install i

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Reco
Hi. On Mon, Mar 13, 2023 at 10:57:48AM +0100, local10 wrote: > Mar 13, 2023, 09:32 by jer...@ardley.org: > > > My next best option is simply to remove your bind caching server (it sounds > > like it's not really necessary in your application) > > > > Backup /etc/bind and /var/cache/bind

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread local10
Mar 13, 2023, 09:32 by jer...@ardley.org: > My next best option is simply to remove your bind caching server (it sounds > like it's not really necessary in your application) > > Backup /etc/bind and /var/cache/bind > > then > > systemctl remove bind9 > > systemctl purge bind9 > > And then edit /e

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Jeremy Ardley
On 13/3/23 17:12, local10 wrote: "debug 1;" doesn't seem to be a valid option, couldn't start BIND with it.  Anyhow, the following is what I get when running "dig www.yahoo.com" Mar 13 05:03:11 tst systemd[1]: Started named.service - BIND Domain Name Server. Mar 13 05:03:11 tst named[52836]:

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread local10
Mar 13, 2023, 08:31 by jer...@ardley.org: > Sorry. Last message was garbled. Try this in /etc/bind/named.conf.options > > options { >     // other configuration options ... >     debug 1; >     logging { >     channel debug_log { >     file "/var/log/bin

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Jeremy Ardley
On 13/3/23 16:19, local10 wrote: Mar 13, 2023, 07:25 by jer...@ardley.org: Try netstat -tulpnW | grep 53 and see what's listening Bind seems to be listening on 127.0.0.1 port 53. I don't have netstat installed and can't easily install it as aptitude can't resolve Debian server's name to

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Jeremy Ardley
On 13/3/23 16:19, local10 wrote: Bind seems to be listening on 127.0.0.1 port 53. I don't have netstat installed and can't easily install it as aptitude can't resolve Debian server's name to an IP, so the following is what I tried: # telnet -4 127.0.0.1 53 Trying 127.0.0.1... Connected to 1

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread local10
Mar 13, 2023, 07:25 by jer...@ardley.org: > Try > > netstat -tulpnW | grep 53 > > and see what's listening > Bind seems to be listening on 127.0.0.1 port 53. I don't have netstat installed and can't easily install it as aptitude can't resolve Debian server's name to an IP, so the following is w

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-13 Thread Jeremy Ardley
On 13/3/23 14:34, local10 wrote: Mar 13, 2023, 06:19 by jer...@ardley.org: The contents of /etc/resolv.conf are always of interest. There's really not much there: # cat /etc/resolv.conf nameserver 127.0.0.1 That and /etc/nsswitch.conf a/etc/hosts # cat /etc/nsswitch.conf # /etc/nssw

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-12 Thread local10
Mar 13, 2023, 06:19 by jer...@ardley.org: > The contents of /etc/resolv.conf are always of interest. > There's really not much there: # cat /etc/resolv.conf nameserver 127.0.0.1 > That and /etc/nsswitch.conf a/etc/hosts > # cat /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configurati

Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-12 Thread Jeremy Ardley
On 13/3/23 14:08, local10 wrote: Hi, I have a local caching DNS server that was working fine for a long time but today, all of a sudden, it stopped resolving queries. More info: https://pastebin.com/iW5YeXgS Any ideas? Thanks The contents of /etc/resolv.conf are always of interest. That

BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

2023-03-12 Thread local10
Hi, I have a local caching DNS server that was working fine for a long time but today, all of a sudden, it stopped resolving queries. More info: https://pastebin.com/iW5YeXgS Any ideas? Thanks