nslookup does some to resolve other outbound sites like yahoo.com, google.com etc and I’ve also restarted bind9 without success. Setting 8.8.8.8 as upstream didn’t seem to help either.
This is on MAAS 2.8.2 and the issue just suddenly happened.
had the same issue with bind and could not resolve any TLD .com .io domains yet the resolution of .net .ch .fr would just work without any problems.
In the UI I disabled the DNSSEC as I got some errors in the logs concerning verification:
Apr 06 19:30:52 maas named[2988120]: validating io/SOA: got insecure response; parent indicates it should be secure
Apr 06 19:30:52 maas named[2988120]: no valid RRSIG resolving 'docker.io/DS/IN': 10.10.10.102#53
Apr 06 19:30:52 maas named[2988120]: validating io/DNSKEY: got insecure response; parent indicates it should be secure
Apr 06 19:30:52 maas named[2988120]: insecurity proof failed resolving 'io/DNSKEY/IN': 10.10.10.102#53
Yet this action does restart the named/bind service and then magically solved the issue.
I am still in conversation with Canonical to find out the root cause of this one.
marking this particular one as solved, since it’s working now, but @erickeller, can you get your conversation with Canonical linked into this post, so we can follow it?