<div style="color:black;font: 10pt arial;">Thanks, had looked at 'man dig' but had assumed (oops) that only the items listed under the various OPTIONS headings were available in .digrc. Glad to learn that @<server> can also be used (confirmed with testing).<br>
<br>
<br>
<div style="font-family:arial,helvetica;font-size:10pt;color:black"><font size="2">-----Original Message-----<br>
From: Ondřej Surý <ondrej@isc.org><br>
To: Leroy Tennison <leroy.tennison@verizon.net><br>
Cc: bind-users@lists.isc.org<br>
Sent: Mon, Apr 18, 2022 1:14 am<br>
Subject: Re: Bind and systemd-resolved<br>
<br>
<div id="yiv0640783928">
<div>
<div>Leroy,</div>
<div><br clear="none"></div>
<div>here `man dig` is your friend:</div>
<div><span style="color:rgb(68, 68, 68);font-family:verdana, helvetica, arial, sans-serif;font-size:16px;"><br clear="none"></span></div>
<div><span style="color:rgb(68, 68, 68);font-family:verdana, helvetica, arial, sans-serif;font-size:16px;">Unless it is told to query a specific name server, </span><b style="color:rgb(68, 68, 68);font-family:verdana, helvetica, arial, sans-serif;font-size:16px;">dig</b><span style="color:rgb(68, 68, 68);font-family:verdana, helvetica, arial, sans-serif;font-size:16px;"> </span><span style="color:rgb(68, 68, 68);font-family:verdana, helvetica, arial, sans-serif;font-size:16px;">will try each of the servers listed in /etc/resolv.conf.</span></div>
<div>
<div style="font-size:16px;color:rgb(68, 68, 68);font-family:verdana, helvetica, arial, sans-serif;">When no command line arguments or options are given, <b>dig</b> will perform an NS query for "." (the root).</div>
<div style="font-size:16px;color:rgb(68, 68, 68);font-family:verdana, helvetica, arial, sans-serif;">It is possible to set per-user defaults for <b>dig</b> via ${HOME}/.digrc. This file is read and any options in it are applied before the command line arguments.</div>
</div>
<div>Ondřej </div>
<div>
<div dir="ltr">
<div>--</div>
Ondřej Surý — ISC (He/Him)
<div><br clear="none"></div>
<div>My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.</div>
</div>
<div dir="ltr"><br clear="none"><blockquote type="cite">On 18. 4. 2022, at 7:27, Leroy Tennison via bind-users <bind-users@lists.isc.org> wrote:<br clear="none"><br clear="none"></blockquote></div>
<blockquote type="cite">
<div dir="ltr">
<div id="yiv0640783928yqt56319" class="yiv0640783928yqt6159942595">
<div style="color:black;font:10pt arial;">
<div>When I attempt “dig -t AXFR office.example.com -k Kexample_dns.+157+18424.key” on the DNS server (Bind 9.11) sudoed to root I get:</div>
<div><br clear="none">
</div>
<div>;; Couldn't verify signature: expected a TSIG or SIG(0)</div>
<div>; Transfer failed.</div>
<div><br clear="none">
</div>
<div>This is an Ubuntu 18.04 system and /etc/systemd/resolved.conf has DNS=127.0.0.1 since the DNS server is running on it. Systemd-resolved has been restarted afterward. I've tried using an actual interface address but it doesn't help. It seems dig tries to use 127.0.0.53 due to its being in /etc/resolv.conf and that fails even though dig for forward/reverse lookups works.</div>
<div><br clear="none">
</div>
<div>If I add @127.0.0.1 to the above it works. Is there a way to get this to work without having to do that and not setting up the entire network configuration using systemd. I realize it's not a big effort to add @127.0.0.1 but the reason for the issue is obscure, the error message is misleading and my distaste for systemd is sufficient enough that I would prefer avoiding it as much as possible. Thanks for any input.</div>
</div>
</div>
<span>-- </span><br clear="none"><span>Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list</span><br clear="none"><span></span><br clear="none"><span>ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.</span><br clear="none"><span></span><br clear="none"><span></span><br clear="none"><span>bind-users mailing list</span><br clear="none"><span>bind-users@lists.isc.org</span><br clear="none"><span>https://lists.isc.org/mailman/listinfo/bind-users</span><br clear="none"></div>
</blockquote></div>
</div>
</div>
</font></div>
</div>