How do I proxy DNS requests from bind9 to acme-dns?
Here is my named/bind9 configuration file:

```
options {
    directory "/var/cache/bind";
    auth-nxdomain no;    # conform to RFC1035
    dnssec-validation auto;
    listen-on-v6 { any; };
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
    recursion yes;
    allow-recursion { any; };  # had to change to allow bind9 to query 127.0.0.53
    version "go away";
};

zone "xample.in" {
    type master;
    file "/usr/local/etc/bind/zones/db.xample.in";
};

zone "auth.example.com" {
    type static-stub;
    server-addresses { 127.0.0.3; };
    forward first;
    forwarders { 127.0.0.3; };
};
```
I set up acme-dns to run on 127.0.0.3:53. It replies to SOA, NS and TXT records.
While querying with `dig TXT test.auth.example.com +trace`, I see `-E(0)D`, which can be reproduced with `dig TXT test.auth.example.com @127.0.0.1 +norecurse +noedns +dnssec`:

```
Jun 17 03:14:09 in-servername named[6000]: client @0xffff7c0142c8 127.0.0.1#53223 (test.auth.example.com): query: test.auth.example.com IN TXT -E(0)D (127.0.0.1)
Jun 17 03:14:09 in-servername named[6000]: client @0xffff7c0142c8 127.0.0.1#53223 (test.auth.example.com): query failed (REFUSED) for test.auth.example.com/IN/TXT at query.c:5499
```
Versions:

- BIND 9.16.16 (Stable Release)
- OS: Linux ARM64 (aarch64)
I tried setting `dnssec-validation no;`; it did not work.
Configuration files
https://github.com/joohoi/acme-dns/blob/master/config.cfg
```
[general]
listen = "127.0.0.1:53"
# domain name to serve the requests off of
domain = "auth.example.com"
# zone name server
nsname = "one.ns.example.com"
# admin email address, where @ is substituted with .
nsadmin = "admin.example.com"
# predefined records served in addition to the TXT
records = [
    # domain pointing to the public IP of your acme-dns server
    "auth.example.com. A 198.51.100.1",
    # specify that auth.example.org will resolve any *.auth.example.org records
    "auth.example.com. NS one.ns.xample.in.",
]
```
Zone file:

```
$TTL 3600
@   IN  SOA one.ns.xample.in. webmaster.xample.in. (
        2         ; Serial
        604800    ; Refresh
        86400     ; Retry
        2419200   ; Expire
        604800 )  ; Negative Cache TTL
;
@       86400 IN NS  one.ns.xample.in.
@       86400 IN NS  two.ns.xample.in.
@             IN A   1.1.1.1
www           IN A   1.1.1.1
_dmarc        IN TXT "v=DMARC1; p=reject;"
_acme-challenge IN TXT __test_message__
```
Question: How do I proxy DNS requests from bind9 to acme-dns?
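To make sense of the flag field in those named query-log lines, here is an added Python example (not from the question, from BIND or from acme-dns) that parses lines in this log format, decodes the flag field (`-E(0)D` above), and pairs each query with the `query failed` line for the same client socket; the sample lines are constructed from the two in the question plus one hypothetical successful query.

```python
import re

# Constructed sample: the two named query-log lines from the question plus one
# hypothetical successful query that arrived over TCP with RD set, for contrast.
SAMPLE_LOG = """\
Jun 17 03:14:09 in-servername named[6000]: client @0xffff7c0142c8 127.0.0.1#53223 (test.auth.example.com): query: test.auth.example.com IN TXT -E(0)D (127.0.0.1)
Jun 17 03:14:09 in-servername named[6000]: client @0xffff7c0142c8 127.0.0.1#53223 (test.auth.example.com): query failed (REFUSED) for test.auth.example.com/IN/TXT at query.c:5499
Jun 17 03:14:12 in-servername named[6000]: client @0xffff7c01aaa0 127.0.0.1#40001 (www.xample.in): query: www.xample.in IN A +E(0)T (127.0.0.1)
"""

# Common prefix: optional client pointer, source address#port, (qname)
CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<src>[0-9a-fA-F.:]+)#(?P<port>\d+) \([^)]+\): "
QUERY_RE = re.compile(CLIENT + r"query: (?P<name>\S+) (?P<class>\S+) (?P<type>\S+) "
                      r"(?P<flags>\S+) \((?P<dst>[^)]+)\)")
FAILED_RE = re.compile(CLIENT + r"query failed \((?P<rcode>[A-Z]+)\) for "
                       r"(?P<name>[^/\s]+)/(?P<class>[^/\s]+)/(?P<type>[^/\s]+)")


def decode_flags(flags):
    """Leading +/- is the RD bit, E(n) the EDNS version, then S=TSIG, T=TCP, D=DO, C=CD."""
    edns = re.search(r"E\((\d+)\)", flags)
    rest = re.sub(r"^[+-]|E\(\d+\)", "", flags)   # single-letter flags only
    return {
        "recursion_desired": flags.startswith("+"),
        "edns_version": int(edns.group(1)) if edns else None,
        "tsig_signed": "S" in rest,
        "tcp": "T" in rest,
        "dnssec_ok": "D" in rest,
        "checking_disabled": "C" in rest,
    }


def parse_query_log(text):
    """One record per 'query:' line; a later 'query failed' line for the same
    client socket and question fills in that record's rcode."""
    records, pending = [], {}
    for line in text.splitlines():
        if q := QUERY_RE.search(line):
            rec = {**q.groupdict(), "decoded": decode_flags(q["flags"]), "rcode": None}
            records.append(rec)
            pending[(q["src"], q["port"], q["name"], q["type"])] = rec
        elif f := FAILED_RE.search(line):
            rec = pending.get((f["src"], f["port"], f["name"], f["type"]))
            if rec is not None:
                rec["rcode"] = f["rcode"]
    return records


def refused_without_rd(records):
    """Queries refused while carrying no RD bit: the pattern the +norecurse reproduction shows."""
    return [r for r in records
            if r["rcode"] == "REFUSED" and not r["decoded"]["recursion_desired"]]
```

Running `refused_without_rd(parse_query_log(SAMPLE_LOG))` over the constructed sample returns only the `test.auth.example.com` TXT query, whose decoded flags show RD cleared and the DO bit set.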