Sorry, no errors in the logs, even with the debug setting.
I think we are not really looking for the right thing.
Let me try to describe the problem again.
When I configure my IPA server to use a global forwarder (8.8.8.8 or 8.8.4.4),
I can do a dig and I get a list of the root DNS servers.
When I remove the global forwarder,
I can still do the dig but I get no root server list.
dig
; <<>> DiG 9.11.36-RedHat-9.11.36-5.el8_7.2 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49739
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: e5e719fe62224931a23c9f9c63812c875a0a53b97e2e11de (good)
;; QUESTION SECTION:
;. IN NS
;; Query time: 111 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Nov 25 21:58:47 CET 2022
;; MSG SIZE rcvd: 56
< nothing after the previous line except a bash prompt >
There should be a list of root DNS servers.
Local DNS domain resolving works fine.
There is no firewall blocking this (the global forwarder 8.8.8.8 works fine).
Really weird.
Rob