Thank you, I have used raw.dnsmasq to re-configure LXD’s dnsmasq to use Hetzner’s DNS (as provided over DHCP):
myuser@lxd-server:~$ cat /var/lib/lxd/networks/lxdbr0/dnsmasq.raw
server=/surbl.org/213.133.98.98
server=/multi.uribl.com/213.133.99.99
but apparently even Hetzner’s DNS servers are unacceptable to the DNSBL servers:
root@vm05:~# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 95.217.255.75]"
(I know this isn’t an LXD issue anymore, but I thought I might ask anyway) AFAIK dnsmasq is a lightweight resolver which can’t act as a recursive resolver, but needs to forward queries to a “real” recursive DNS server. And it’s the same with systemd-resolved.
So, since I can use neither dnsmasq nor systemd-resolved to query the DNSBL servers, my only remaining option is to set up a full-blown Bind9 inside my container, right?
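A way to spot this condition from a mail filter host, as an added example that is not part of the original post: it parses `host -tTXT` output lines, flags DNSBL answers that are refusals rather than real listings, and extracts the resolver address the blocklist saw. The function names and the second sample line are assumptions constructed for illustration; the first sample line is the output quoted above.

```python
import re

# One TXT answer line as printed by `host -tTXT <name>`.
TXT_LINE = re.compile(r'^(?P<name>\S+) descriptive text "(?P<txt>.*)"\s*$')
# Resolver address the blocklist echoes back in its refusal text.
RESOLVER = re.compile(r'\[Your DNS IP: (?P<ip>[0-9A-Fa-f:.]+)\]')


def classify_txt(line):
    """Classify one `host -tTXT` output line for a DNSBL lookup."""
    m = TXT_LINE.match(line.strip())
    if not m:
        return {"status": "unparsed", "name": None, "resolver": None}
    txt = m.group("txt")
    if "Query Refused" in txt:
        # A refusal is not a listing: the filter must not score on it.
        r = RESOLVER.search(txt)
        return {"status": "refused", "name": m.group("name"),
                "resolver": r.group("ip") if r else None}
    return {"status": "answered", "name": m.group("name"), "resolver": None}


def refused_resolvers(lines):
    """Map each resolver IP seen by the blocklist to the refused query names."""
    out = {}
    for line in lines:
        res = classify_txt(line)
        if res["status"] == "refused":
            out.setdefault(res["resolver"], []).append(res["name"])
    return out


SAMPLE = [
    # Output quoted in the post above.
    '2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. '
    'See http://uribl.com/refused.shtml for more information '
    '[Your DNS IP: 95.217.255.75]"',
    # Constructed line standing in for a normal (non-refused) TXT answer.
    '2.0.0.127.dnsbl.example descriptive text "constructed listing reason"',
]

if __name__ == "__main__":
    for ip, names in refused_resolvers(SAMPLE).items():
        print(f"blocklist refused queries arriving from {ip}: {names}")
```

The reported resolver address is the one the blocklist sees, so it shows which upstream forwarder the queries are actually leaving through.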