Thanks for your time and your answer. We are still on UCS 4.4.
ip -c a

gives output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 42:76:70:06:91:f6 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.4/22 brd 172.16.3.255 scope global ens18
       valid_lft forever preferred_lft forever
    inet6 fe80::4076:70ff:fe06:91f6/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:8f:c4:9a:51 brd ff:ff:ff:ff:ff:ff
    inet 10.2.1.1/16 brd 10.2.255.255 scope global docker0
       valid_lft forever preferred_lft forever
4: tailscale0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 100.64.0.61/32 scope global tailscale0
       valid_lft forever preferred_lft forever
    inet6 fe80::17c9:2224:3b3f:f224/64 scope link flags 800
       valid_lft forever preferred_lft forever

ps u $(pgrep -f named)

outputs:

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1265 0.7 2.3 900996 94312 ? Ssl 00:02 7:30 /usr/sbin/named -c /etc/bind/named.conf.samba4 -f -d

ss --udp -l -p 'sport = :domain'

output:

State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 127.0.0.53%lo:domain *:* users:(("systemd-resolve",pid=29397,fd=15))
UNCONN 0 0 100.64.0.61:domain *:* users:(("named",pid=1265,fd=521),("named",pid=1265,fd=520))
UNCONN 0 0 10.2.1.1:domain *:* users:(("named",pid=1265,fd=519),("named",pid=1265,fd=518))
UNCONN 0 0 172.16.1.4:domain *:* users:(("named",pid=1265,fd=517),("named",pid=1265,fd=516))
UNCONN 0 0 127.0.0.1:domain *:* users:(("named",pid=1265,fd=515),("named",pid=1265,fd=514))
UNCONN 0 0 :::domain :::* users:(("named",pid=1265,fd=513),("named",pid=1265,fd=512))

dig @100.64.0.61 $SOME_DNS_NAME any

refuses the connection. “Digging” on the internal LAN IP 172.16.1.4 is working.