I have named.conf.options set like this in a bionic lxd container:
options {
    directory "/var/cache/bind";
    forwarders {
        1.1.1.1;
    };
    dnssec-validation auto;
    auth-nxdomain no; # conform to RFC1035
    listen-on { 10.0.100.137; };
};
10.0.100.137 is the container's eth0 address.
This works all the time:
ubuntu@bionic-bind9:~$ nslookup ubuntu.com - 10.0.100.137
Server: 10.0.100.137
Address: 10.0.100.137#53
Ok, let's try again.
I have named.conf.options set like this in a bionic lxd container:
options {
    directory "/var/cache/bind";
    forwarders {
        1.1.1.1;
    };
    dnssec-validation auto;
    auth-nxdomain no; # conform to RFC1035
    listen-on { 10.0.100.137; };
};
10.0.100.137 is the container's eth0 address.
This works all the time:
ubuntu@bionic-bind9:~$ nslookup ubuntu.com - 10.0.100.137
Server: 10.0.100.137
Address: 10.0.100.137#53
Non-authoritative answer:
Name: ubuntu.com
Address: 91.189.94.40
Same with dnssec set to false.
Can you try with dig perhaps? I don't know how to enable debugging in nslookup (-deb or -d2 didn't change anything here).
Something like:
dig @127.0.0.1 +trace ubuntu.com
host also has some debugging available:
host -d ubuntu.com 127.0.0.1 <-- or the actual ip where bind is listening
I wonder if packets are getting truncated somehow, as you got an answer besides having a status of failure.