Closed fmiqbal closed 9 months ago
Thanks for the post. The issue is due to the DNS server failing to validate DNSSEC since the upstream DNS server (192.168.54.14, your network-wide DNS server) is not returning RRSIG records. You need to check with the upstream DNS server as to why it's blocking DNSSEC-related records.
It worked when you used the DNS Client directly with the upstream DNS server since you did not enable the DNSSEC Validation checkbox while testing. Try again with DNSSEC validation and you should see the same error.
The conditional forwarder zone you have with DNSSEC validation disabled will make it work, but it's just disabling security. That is, the DNS server is correctly detecting that your upstream is tampering with the DNSSEC response, and in return you disabled DNSSEC.
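The check described in this reply (query the upstream with the EDNS0 DO bit set and look for RRSIG records in the answer) can be sketched as follows. This is an added example, not part of the original thread or Technitium's code; the function names and the two sample responses are constructed for illustration, and only the answer section is parsed.

```python
import struct

RRSIG, DO_BIT = 46, 0x8000  # RRSIG type code (RFC 4034); DO flag in EDNS0 (RFC 3225)

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"

def build_query(name, qtype=1, qid=0x1234):
    """A/IN query whose OPT record sets DO, i.e. 'include DNSSEC records'."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!2H", qtype, 1)
    # OPT RR: root name, type 41, class = UDP payload size, TTL carries the flags, rdlen 0
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, DO_BIT, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def answer_types(msg):
    """List the RR type codes found in the answer section of a response."""
    qd, an = struct.unpack("!2H", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    types = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return types

def upstream_returns_rrsig(response):
    """True if the answer section carries at least one RRSIG record."""
    return RRSIG in answer_types(response)

def fake_response(name, rrs):
    """Constructed response for the demo; rrs is a list of (type, rdata)."""
    q = encode_name(name) + struct.pack("!2H", 1, 1)
    body = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 300, len(d)) + d for t, d in rrs)
    return struct.pack("!6H", 0x1234, 0x8180, 1, len(rrs), 0, 0) + q + body

A_RDATA = bytes([192, 0, 2, 1])  # constructed address from the documentation range
STRIPPED = fake_response("example.io", [(1, A_RDATA)])                  # constructed: A only
SIGNED = fake_response("example.io", [(1, A_RDATA), (46, bytes(24))])   # constructed: A + placeholder RRSIG
```

Against a real forwarder, the bytes from `build_query("docker.io")` would be sent over UDP port 53 and the reply passed to `upstream_returns_rrsig`; a `False` result for a signed zone matches the failure described in this thread.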
OK, thank you. Indeed the upstream DNS server doesn't have DNSSEC, and I think the settings page on Technitium has DNSSEC enabled. Weirdly, I think I never changed the settings, and it worked before (but I don't exactly know if the upstream DNS disabled DNSSEC just yesterday, or if it has always been disabled).
But for now, I've disabled the DNSSEC setting in Technitium.
Thanks for your assistance.
Out of the blue I can't resolve the docker.io domain.
This is the log
This is the resolve result
I didn't quite understand this part of DNS knowledge, but after a little bit of digging I think the issue is with the .io domain?
I basically run Technitium DNS Server inside a Docker container, and have the default forwarder set to 192.168.54.14 (our network-wide DNS server). All other domains (I think) are good, except all from the .io domain, so here is the result of resolving a .io domain against my server
even though if I resolve using the forwarder it's good (192.168.54.14)
For now I use a conditional forwarder zone to set up all .io domains to forward to the resolver.