DNS query failed if I turned on DNSSec
Summary
Dear sir,
I repeatedly encounter this issue. I use my BIND 9 DNS service as a resolver only and it does not provide DNS hosting service.
However, if I turned on the DNSSec query function in the configuration file, after some time of working (several days to nearly two weeks), the DNS resolving service will fail.
Once I restarted the BIND9 service, the DNS resolving function gets back to normal. But later, after some time (days to weeks), it stops working again.
I enabled the DNSSec querying function with these two lines in the ./bind/named.conf.options file:
dnssec-enable yes;
dnssec-validation auto;
Error output
aaa@bbb:~$ nslookup baidu.com
Server: 127.0.0.53
Address: 127.0.0.53#53
** server can't find baidu.com: SERVFAIL
BIND version used
bind9:
  Installed: 1:9.11.3+dfsg-1ubuntu1.8
  Candidate: 1:9.11.3+dfsg-1ubuntu1.9
Notice
My named.conf.options settings are published on GitHub here: https://github.com/TomHsiung/bind/blob/master/named.conf.options
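
One way to narrow down a SERVFAIL like the one reported above is to ask the resolver the same question twice, once normally and once with the CD (checking disabled) bit set, and compare the response codes. This is an added example, not part of the original report; it assumes named listens on 127.0.0.1, and the function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the original report).
# Assumption: named answers on 127.0.0.1. Querying it directly also takes the
# systemd-resolved stub at 127.0.0.53 (seen in the nslookup output) out of the path.

# Extract the RCODE from the ";; ->>HEADER<<-" line of dig output.
rcode_of() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Compare the RCODE of a normal query with the RCODE of the same query sent
# with +cd. With CD set, the resolver returns data without validating it.
classify() {
    validating=$1
    unchecked=$2
    if [ "$validating" = "SERVFAIL" ] && [ "$unchecked" = "NOERROR" ]; then
        # Resolution works, validation does not: look at the trust anchor,
        # the system clock, or the signatures of the zone being queried.
        echo "validation-failure"
    elif [ "$validating" = "SERVFAIL" ]; then
        # Fails even without validation: not a DNSSEC problem as such
        # (forwarders, upstream reachability, resource limits).
        echo "resolution-failure"
    else
        echo "not-servfail"
    fi
}

# Constructed sample headers, so the parsing can be checked offline.
SAMPLE_NORMAL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_CD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'

# Live mode: ./check.sh --live [server] [name]
if [ "${1:-}" = "--live" ]; then
    server=${2:-127.0.0.1}
    name=${3:-baidu.com}
    normal=$(dig @"$server" "$name" A +tries=1 +time=5)
    nocheck=$(dig @"$server" "$name" A +cd +tries=1 +time=5)
    classify "$(rcode_of "$normal")" "$(rcode_of "$nocheck")"
fi
```

Run it with `--live` while the resolver is in the failing state, before restarting named, so the result reflects the failure rather than the freshly started service.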