Hi Badli,

On Sat, Apr 22, 2023 at 06:46:10PM +0000, Badli Al Rashid via BitFolk Users wrote:
> Is letting bind9 listening on all interfaces a good practice? Or letting it listening on specific interface best ?

I think it's fine. Most of the time you're running a DNS server
because you want it to be globally reachable anyway. If it's a
resolver then it might make more sense to only have it listen on
certain interfaces.

> If I set specific address listening, bind9 failed to start and stops listening.

Logs will say why. Logs are really good. They save a lot of time
from posting messages about how "it failed" as they usually tell you
why "it failed".

> If i set bind9 to listen to all and block using the firewall the interface I do not it to listen to  bind9 to powerdns replication did not work. Powerdns as primary here.
>
> It seems to be working if I set bind9 to listen to all interfaces and not block by the firewall.

These just sound like misconfigurations.

- Decide what you want to do.

- Tackle one problem at a time.

- Show exact configuration, logs and/or copy of output showing what
  it did, and explanation of what you actually wanted it to do.

You can test if an AXFR works, requesting from your BIND host to
your PowerDNS host, without even using BIND. You can test it with
just "dig":

$ dig -b 192.168.1.2 -t axfr example.com @10.10.1.2

Where:

- 192.168.1.2 is the source address you want the AXFR to come from
- example.com is the zone you want to transfer from PowerDNS
- 10.10.1.2 is the IP address of POwerDNS

Get that working first. Once it works, configure BIND to do the
same.

Cheers,
Andy