No response from localhost with "allow-query { any; };"
Petr Menšík
pemensik at redhat.com
Tue Sep 1 14:57:39 UTC 2020
Please include any listen-on { ... } and listen-on-v6 { ... } clauses.
It seems any of 127.0.0.1; ::1; nor localhost; is listed in them.
Because it is not listening on localhost socket, it would not answer any
queries.
If the server should listen on all interfaces, just use:
listen-on { any; };
If it has addresses on which it should not listen, just add localhost;
to current listen-on.
It might be able to respond to:
dig @91.216.35.21 -b 127.0.0.1 localhost
Which would be technically from localhost, but I guess you are looking
for listen-on change.
Cheers,
Petr
On 9/1/20 4:41 PM, Axel Rau wrote:
> Thanks for answering:
>
> root at ns5:/ # dig NS lrau.net @91.216.35.21
>
> ; <<>> DiG 9.16.5 <<>> NS lrau.net @91.216.35.21
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
> root at ns5:/ # dig NS lrau.net @localhost
>
> ; <<>> DiG 9.16.5 <<>> NS lrau.net @localhost
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
> root at ns5:/ # sockstat -p 53
> USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
> root cron 59891 5 dgram -> /var/run/log
> root sendmail 59197 3 dgram -> /var/run/log
> bind named 47812 3 dgram -> /var/run/log
> bind named 47812 137 udp4 91.216.35.21:53 *:*
> bind named 47812 138 udp4 91.216.35.21:53 *:*
> bind named 47812 139 udp4 91.216.35.21:53 *:*
> bind named 47812 140 udp4 91.216.35.21:53 *:*
> bind named 47812 141 udp4 91.216.35.21:53 *:*
> bind named 47812 142 udp4 91.216.35.21:53 *:*
> bind named 47812 143 udp4 91.216.35.21:53 *:*
> bind named 47812 144 udp4 91.216.35.21:53 *:*
> bind named 47812 145 udp4 91.216.35.21:53 *:*
> bind named 47812 146 udp4 91.216.35.21:53 *:*
> bind named 47812 147 udp4 91.216.35.21:53 *:*
> bind named 47812 148 udp4 91.216.35.21:53 *:*
> bind named 47812 149 udp4 91.216.35.21:53 *:*
> bind named 47812 150 udp4 91.216.35.21:53 *:*
> bind named 47812 151 udp4 91.216.35.21:53 *:*
> bind named 47812 152 udp4 91.216.35.21:53 *:*
> bind named 47812 154 tcp4 91.216.35.21:53 *:*
> bind named 47812 155 udp6 2a05:bec0:26:5::71:53 *:*
> bind named 47812 156 udp6 2a05:bec0:26:5::71:53 *:*
> bind named 47812 157 udp6 2a05:bec0:26:5::71:53 *:*
> bind named 47812 158 udp6 2a05:bec0:26:5::71:53 *:*
> bind named 47812 159 udp6 2a05:bec0:26:5::71:53 *:*
> bind named 47812 160 udp6 2a05:bec0:26:5::71:53 *:*
> bind named 47812 161 udp6 2a05:bec0:26:5::71:53 *:*
> bind named 47812 162 udp6 2a05:bec0:26:5::71:53 *:*
> bind named 47812 163 udp6 2a05:bec0:26:5::71:53 *:*
> bind named 47812 164 udp6 2a05:bec0:26:5::71:53 *:*
> bind named 47812 165 udp6 2a05:bec0:26:5::71:53 *:*
> bind named 47812 166 udp6 2a05:bec0:26:5::71:53 *:*
> bind named 47812 167 udp6 2a05:bec0:26:5::71:53 *:*
> bind named 47812 168 udp6 2a05:bec0:26:5::71:53 *:*
> bind named 47812 169 udp6 2a05:bec0:26:5::71:53 *:*
> bind named 47812 170 udp6 2a05:bec0:26:5::71:53 *:*
> bind named 47812 172 tcp6 2a05:bec0:26:5::71:53 *:*
> bind named 47812 512 udp4 91.216.35.21:53 *:*
> bind named 47812 513 udp6 2a05:bec0:26:5::71:53 *:*
> root rsyslogd 45747 0 dgram /var/run/log
> root rsyslogd 45747 1 dgram -> /var/run/log
> root at ns5:/ #
>
>
>> Am 01.09.2020 um 16:14 schrieb Ondřej Surý <ondrej at isc.org>:
>>
>> Hi Axel,
>>
>> the `nc` commands you used for testing neither proves that
>> it’s that specific `named` listening on that port nor DNS
>> daemon at all. FWIW it could be a dummy UDP/TCP server
>> and you would not know.
>>
>> First you need to use a tool from your operating system
>> to check what is listening on those ports, and then use
>> `dig` (or other DNS debugging tool) to send actual DNS
>> queries.
>>
>> Ondrej
>> --
>> Ondřej Surý (He/Him)
>> ondrej at isc.org
>>
>>> On 1. 9. 2020, at 16:11, Axel Rau <Axel.Rau at chaos1.de> wrote:
>>>
>>> Hi!
>>>
>>> this is a new server, which answers external queries, sends notifies and pushes axfrs.
>>> It does not answer any query from localhost nor shows any notifies from master in the logs.
>>>
>>> From local:
>>> root at ns5:/ # nc -v localhost 53
>>> Connection to localhost 53 port [tcp/domain] succeeded!
>>> ^C
>>> root at ns5:/ # nc -vu localhost 53
>>> Connection to localhost 53 port [udp/domain] succeeded!
>>>
>>> From master server:
>>> [hermes:local/etc/namedb] root# nc -v ns5.lrau.net 53
>>> Connection to ns5.lrau.net 53 port [tcp/domain] succeeded!
>>> ^C
>>> [hermes:local/etc/namedb] root# nc -vu ns5.lrau.net 53
>>> Connection to ns5.lrau.net 53 port [udp/domain] succeeded!
>>>
>>>
>>> Any help greatly appreciated,
>>> Axel
>>>
>>> PS:
>>>
>>> part of named.conf:
>>> allow-notify {
>>> hermes-ns5;
>>> };
>>> allow-transfer {
>>> full-trusted;
>>> ns5-ping;
>>> ns4-he;
>>> management-hosts;
>>> };
>>> allow-query { any; };
>>> allow-query-cache { recursive-users; };
>>> allow-recursion { recursive-users; };
>>>
>>>
>>> root at ns5:/usr/local/etc/namedb/working/slave # named -V
>>> BIND 9.16.5 (Stable Release) <id:c00b458>
>>> running on FreeBSD amd64 12.1-RELEASE-p8 FreeBSD 12.1-RELEASE-p8 GENERIC
>>> built by make with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--disable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--with-libidn2=/usr/local' '--with-json-c' '--disable-largefile' '--with-lmdb=/usr/local' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--enable-tcp-fastopen' '--with-tuning=default' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.1' 'build_alias=amd64-portbld-freebsd12.1' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
>>> compiled by CLANG 4.2.1 Compatible FreeBSD Clang 8.0.1 (tags/RELEASE_801/final 366581)
>>> compiled with OpenSSL version: OpenSSL 1.1.1d-freebsd 10 Sep 2019
>>> linked to OpenSSL version: OpenSSL 1.1.1d-freebsd 10 Sep 2019
>>> compiled with libxml2 version: 2.9.10
>>> linked to libxml2 version: 20910
>>> compiled with json-c version: 0.14
>>> linked to json-c version: 0.15
>>> compiled with zlib version: 1.2.11
>>> linked to zlib version: 1.2.11
>>> threads support is enabled
>>>
>>> default paths:
>>> named configuration: /usr/local/etc/namedb/named.conf
>>> rndc configuration: /usr/local/etc/namedb/rndc.conf
>>> DNSSEC root key: /usr/local/etc/namedb/bind.keys
>>> nsupdate session key: /var/run/named/session.key
>>> named PID file: /var/run/named/pid
>>> named lock file: /var/run/named/named.lock
>>>
>>> ---
>>> PGP-Key: CDE74120 ☀ computing @ chaos claudius
>>>
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>>
>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>>
>>>
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>
> ---
> PGP-Key: CDE74120 ☀ computing @ chaos claudius
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200901/0e49e4ff/attachment.bin>
More information about the bind-users
mailing list