Re: No response from localhost with "allow-query { any; };"

Axel Rau Tue, 01 Sep 2020 07:43:49 -0700

Thanks for answering:

root@ns5:/ # dig NS lrau.net @91.216.35.21


; <<>> DiG 9.16.5 <<>> NS lrau.net @91.216.35.21
;; global options: +cmd
;; connection timed out; no servers could be reached

root@ns5:/ # dig NS lrau.net @localhost

; <<>> DiG 9.16.5 <<>> NS lrau.net @localhost
;; global options: +cmd
;; connection timed out; no servers could be reached

root@ns5:/ # sockstat -p 53
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     cron       59891 5  dgram  -> /var/run/log
root     sendmail   59197 3  dgram  -> /var/run/log
bind     named      47812 3  dgram  -> /var/run/log
bind     named      47812 137 udp4  91.216.35.21:53       *:*
bind     named      47812 138 udp4  91.216.35.21:53       *:*
bind     named      47812 139 udp4  91.216.35.21:53       *:*
bind     named      47812 140 udp4  91.216.35.21:53       *:*
bind     named      47812 141 udp4  91.216.35.21:53       *:*
bind     named      47812 142 udp4  91.216.35.21:53       *:*
bind     named      47812 143 udp4  91.216.35.21:53       *:*
bind     named      47812 144 udp4  91.216.35.21:53       *:*
bind     named      47812 145 udp4  91.216.35.21:53       *:*
bind     named      47812 146 udp4  91.216.35.21:53       *:*
bind     named      47812 147 udp4  91.216.35.21:53       *:*
bind     named      47812 148 udp4  91.216.35.21:53       *:*
bind     named      47812 149 udp4  91.216.35.21:53       *:*
bind     named      47812 150 udp4  91.216.35.21:53       *:*
bind     named      47812 151 udp4  91.216.35.21:53       *:*
bind     named      47812 152 udp4  91.216.35.21:53       *:*
bind     named      47812 154 tcp4  91.216.35.21:53       *:*
bind     named      47812 155 udp6  2a05:bec0:26:5::71:53 *:*
bind     named      47812 156 udp6  2a05:bec0:26:5::71:53 *:*
bind     named      47812 157 udp6  2a05:bec0:26:5::71:53 *:*
bind     named      47812 158 udp6  2a05:bec0:26:5::71:53 *:*
bind     named      47812 159 udp6  2a05:bec0:26:5::71:53 *:*
bind     named      47812 160 udp6  2a05:bec0:26:5::71:53 *:*
bind     named      47812 161 udp6  2a05:bec0:26:5::71:53 *:*
bind     named      47812 162 udp6  2a05:bec0:26:5::71:53 *:*
bind     named      47812 163 udp6  2a05:bec0:26:5::71:53 *:*
bind     named      47812 164 udp6  2a05:bec0:26:5::71:53 *:*
bind     named      47812 165 udp6  2a05:bec0:26:5::71:53 *:*
bind     named      47812 166 udp6  2a05:bec0:26:5::71:53 *:*
bind     named      47812 167 udp6  2a05:bec0:26:5::71:53 *:*
bind     named      47812 168 udp6  2a05:bec0:26:5::71:53 *:*
bind     named      47812 169 udp6  2a05:bec0:26:5::71:53 *:*
bind     named      47812 170 udp6  2a05:bec0:26:5::71:53 *:*
bind     named      47812 172 tcp6  2a05:bec0:26:5::71:53 *:*
bind     named      47812 512 udp4  91.216.35.21:53       *:*
bind     named      47812 513 udp6  2a05:bec0:26:5::71:53 *:*
root     rsyslogd   45747 0  dgram  /var/run/log
root     rsyslogd   45747 1  dgram  -> /var/run/log
root@ns5:/ #


> Am 01.09.2020 um 16:14 schrieb Ondřej Surý <ond...@isc.org>:
> 
> Hi Axel,
> 
> the `nc` commands you used for testing neither proves that
> it’s that specific `named` listening on that port nor DNS
> daemon at all.  FWIW it could be a dummy UDP/TCP server
> and you would not know.
> 
> First you need to use a tool from your operating system
> to check what is listening on those ports, and then use
> `dig` (or other DNS debugging tool) to send actual DNS
> queries.
> 
> Ondrej
> --
> Ondřej Surý (He/Him)
> ond...@isc.org
> 
>> On 1. 9. 2020, at 16:11, Axel Rau <axel....@chaos1.de> wrote:
>> 
>> Hi!
>> 
>> this is a new server, which answers external queries, sends notifies and 
>> pushes axfrs.
>> It does not answer any query from localhost nor shows any notifies from 
>> master in the logs.
>> 
>> From local:
>> root@ns5:/ # nc -v localhost 53
>> Connection to localhost 53 port [tcp/domain] succeeded!
>> ^C
>> root@ns5:/ # nc -vu localhost 53
>> Connection to localhost 53 port [udp/domain] succeeded!
>> 
>> From master server:
>> [hermes:local/etc/namedb] root# nc -v ns5.lrau.net 53
>> Connection to ns5.lrau.net 53 port [tcp/domain] succeeded!
>> ^C
>> [hermes:local/etc/namedb] root#      nc -vu ns5.lrau.net 53
>> Connection to ns5.lrau.net 53 port [udp/domain] succeeded!
>> 
>> 
>> Any help greatly appreciated,
>> Axel
>> 
>> PS:
>> 
>> part of named.conf:
>>      allow-notify {
>>              hermes-ns5;
>>      };
>>      allow-transfer {
>>              full-trusted;
>>              ns5-ping;
>>              ns4-he;
>>              management-hosts;
>>      };
>>      allow-query { any; };
>>      allow-query-cache { recursive-users; };
>>      allow-recursion { recursive-users; };
>> 
>> 
>> root@ns5:/usr/local/etc/namedb/working/slave # named -V
>> BIND 9.16.5 (Stable Release) <id:c00b458>
>> running on FreeBSD amd64 12.1-RELEASE-p8 FreeBSD 12.1-RELEASE-p8 GENERIC
>> built by make with '--disable-linux-caps' '--localstatedir=/var' 
>> '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' 
>> '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' 
>> '--with-dlz-filesystem=yes' '--disable-dnstap' '--disable-fixed-rrset' 
>> '--disable-geoip' '--without-maxminddb' '--without-gssapi' 
>> '--with-libidn2=/usr/local' '--with-json-c' '--disable-largefile' 
>> '--with-lmdb=/usr/local' '--disable-native-pkcs11' '--without-python' 
>> '--disable-querytrace' 'STD_CDEFINES=-DDIG_SIGCHASE=1' 
>> '--enable-tcp-fastopen' '--with-tuning=default' '--disable-symtable' 
>> '--prefix=/usr/local' '--mandir=/usr/local/man' 
>> '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.1' 
>> 'build_alias=amd64-portbld-freebsd12.1' 'CC=cc' 'CFLAGS=-O2 -pipe 
>> -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include 
>> -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c 
>> -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG 
>> -isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
>> compiled by CLANG 4.2.1 Compatible FreeBSD Clang 8.0.1 
>> (tags/RELEASE_801/final 366581)
>> compiled with OpenSSL version: OpenSSL 1.1.1d-freebsd  10 Sep 2019
>> linked to OpenSSL version: OpenSSL 1.1.1d-freebsd  10 Sep 2019
>> compiled with libxml2 version: 2.9.10
>> linked to libxml2 version: 20910
>> compiled with json-c version: 0.14
>> linked to json-c version: 0.15
>> compiled with zlib version: 1.2.11
>> linked to zlib version: 1.2.11
>> threads support is enabled
>> 
>> default paths:
>> named configuration:  /usr/local/etc/namedb/named.conf
>> rndc configuration:   /usr/local/etc/namedb/rndc.conf
>> DNSSEC root key:      /usr/local/etc/namedb/bind.keys
>> nsupdate session key: /var/run/named/session.key
>> named PID file:       /var/run/named/pid
>> named lock file:      /var/run/named/named.lock
>> 
>> ---
>> PGP-Key: CDE74120  ☀  computing @ chaos claudius
>> 
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
>> unsubscribe from this list
>> 
>> ISC funds the development of this software with paid support subscriptions. 
>> Contact us at https://www.isc.org/contact/ for more information.
>> 
>> 
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
> 

---
PGP-Key: CDE74120  ☀  computing @ chaos claudius

signature.asc
Description: Message signed with OpenPGP

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: No response from localhost with "allow-query { any; };"

Reply via email to