<div dir="ltr">Good morning from the West Coast,<br>                It’s been a while since I’ve setup an authoritative bind server from scratch so I may be missing something very basic. First time in a docker container, besides the point but maybe it plays (this looks like a configuration issue in Bind). I’m getting the following errors when trying to resolve domains external to my own;<br>---snip---<br>17:30:04.843 REFUSED unexpected RCODE resolving './NS/IN': 172.64.32.142#53                                                                                                                                                                                                                                                                          <br>04-Dec-2020 17:30:04.859 REFUSED unexpected RCODE resolving '<a href="http://www.cat.com/A/IN">www.cat.com/A/IN</a>': 172.64.32.142#53                                                                                                                                                                                                                                                                                              <br>04-Dec-2020 17:30:04.865 REFUSED unexpected RCODE resolving './NS/IN': 172.64.33.136#53                                                                                                                                                                                                                                                                                                       <br>04-Dec-2020 17:30:04.867 REFUSED unexpected RCODE resolving '<a href="http://E.ROOT-SERVERS.NET/AAAA/IN">E.ROOT-SERVERS.NET/AAAA/IN</a>': 172.64.32.142#53                                                                                                                                                                                                                                                                                    <br>04-Dec-2020 17:30:04.867 REFUSED unexpected RCODE resolving '<a href="http://G.ROOT-SERVERS.NET/AAAA/IN">G.ROOT-SERVERS.NET/AAAA/IN</a>': 172.64.32.142#53                                                                                                                                                                                                                                                                                    <br>04-Dec-2020 17:30:04.877 REFUSED unexpected RCODE resolving '<a href="http://www.cat.com/A/IN">www.cat.com/A/IN</a>': 172.64.33.136#53                                                                                                                                                                                                                                                                                              <br>04-Dec-2020 17:30:04.883 REFUSED unexpected RCODE resolving './NS/IN': 108.162.192.142#53                                                                                                                                                                                                                                                                                                     <br>04-Dec-2020 17:30:04.884 REFUSED unexpected RCODE resolving '<a href="http://E.ROOT-SERVERS.NET/AAAA/IN">E.ROOT-SERVERS.NET/AAAA/IN</a>': 108.162.192.142#53                                                                                                                                                                                                                                                                                  <br>04-Dec-2020 17:30:04.889 REFUSED unexpected RCODE resolving '<a href="http://G.ROOT-SERVERS.NET/AAAA/IN">G.ROOT-SERVERS.NET/AAAA/IN</a>': 108.162.192.142#53                                                                                                                                                                                                                                                                                  <br>04-Dec-2020 17:30:04.897 REFUSED unexpected RCODE resolving '<a href="http://www.cat.com/A/IN">www.cat.com/A/IN</a>': 108.162.192.142#53                                                                                                                                                                                                                                                                                            <br>04-Dec-2020 17:30:04.906 REFUSED unexpected RCODE resolving '<a href="http://E.ROOT-SERVERS.NET/AAAA/IN">E.ROOT-SERVERS.NET/AAAA/IN</a>': 172.64.33.136#53                                                                                                                                                                                                                                                                                    <br>04-Dec-2020 17:30:04.906 REFUSED unexpected RCODE resolving './NS/IN': 108.162.193.136#53                       <br>---end---<br><br>You’ll notice the above are Cloudflare resolvers (pete/roxy)<br>I get a DNSSEC related error when the same resolution is attempted on the OpenDNS servers<br><br>---snip---<br>04-Dec-2020 17:30:05.084 validating ./DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a trusted key for '.'                                                                                                                                                                                                                                                  <br>04-Dec-2020 17:30:05.085 no valid KEY resolving './DNSKEY/IN': 208.67.220.220#53                                                                                                                                                                                                                                                                                                              <br>04-Dec-2020 17:30:05.108 validating ./DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a trusted key for '.'                                                                                                                                                                                                                                                  <br>04-Dec-2020 17:30:05.108 no valid KEY resolving './DNSKEY/IN': 208.67.222.222#53                <br>---end---<br><br>Named.conf has the correct sources for queries;<br><br>---snip---<br>acl permit {<br>                <a href="http://172.30.0.0/16">172.30.0.0/16</a>;<br>---end---<br><br>Named.conf.options has the correct forwarders, recursion and query statements (ignore syntax, pulling partials);<br><br>---snip---<br>                forwarders {<br>                                108.162.193.136;<br>                                172.64.33.136;<br>                                108.162.192.142;<br>                                172.64.32.142;<br>                                173.245.58.142;<br>                                208.67.220.220;<br>                                208.67.222.222;<br>                                };<br>                allow-recursion {<br>                                <a href="http://172.30.0.0/16">172.30.0.0/16</a>;<br>                allow-query {<br>                                <a href="http://172.30.0.0/16">172.30.0.0/16</a>;<br>---end---<br><br><div>What am I missing here (flame away…)?</div><div><br></div><div>    -W<br></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><p class="MsoNormal"><font size="2"><span style="font-family:"Courier New""> </span></font></p><p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial">



</p><p class="MsoNormal" style="margin-bottom:12.0pt"><font size="2"><span>“Solo puedo explicártelo a ti. No puedo entenderlo por ti”</span></font></p><p class="MsoNormal"><br><span style="font-size:8.0pt;font-family:"Calibri Light",sans-serif"></span><span style="font-size:8.0pt;font-family:"Calibri Light",sans-serif"></span></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>