How do I proxy DNS requests from bind9 to acme-dns?
Here is my named/bind9 configuration file:
options {
    directory "/var/cache/bind";
    auth-nxdomain no;
    dnssec-validation auto;
    listen-on-v6 { any; };
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
    recursion yes;
    allow-recursion { any; };
    version "go away";
};

zone "xample.in" {
    type master;
    file "/usr/local/etc/bind/zones/db.xample.in";
};

zone "auth.example.com" {
    type static-stub;
    server-addresses { 127.0.0.3; };
    forward first;
    forwarders { 127.0.0.3; };
};
I set up acme-dns to run on 127.0.0.3:53. It replies to SOA, NS and TXT records.
While querying with dig TXT test.auth.example.com +trace, I see -E(0)D, which can be reproduced with dig TXT test.auth.example.com @127.0.0.1 +norecurse +noedns +dnssec:
Jun 17 03:14:09 in-servername named[6000]: client @0xffff7c0142c8 127.0.0.1
Jun 17 03:14:09 in-servername named[6000]: client @0xffff7c0142c8 127.0.0.1
Versions:
BIND 9.16.16 (Stable Release)
OS: Linux ARM64(aarch64)
I tried setting dnssec-validation no; it did not work.
Configuration files
https://github.com/joohoi/acme-dns/blob/master/config.cfg
[general]
listen = "127.0.0.1:53"
domain = "auth.example.com"
nsname = "one.ns.example.com"
nsadmin = "admin.example.com"
records = [
    "auth.example.com. A 198.51.100.1",
    "auth.example.com. NS one.ns.xample.in.",
]
zone file
$TTL 3600
@               IN SOA one.ns.xample.in. webmaster.xample.in. (
                        2         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
;
@               86400 IN NS  one.ns.xample.in.
@               86400 IN NS  two.ns.xample.in.
@               IN A   1.1.1.1
www             IN A   1.1.1.1
_dmarc          IN TXT "v=DMARC1; p=reject;"
_acme-challenge IN TXT __test_message__
Question: How do I proxy DNS requests from bind9 to acme-dns?