On 6/13/21 12:13 AM, ToddAndMargo via bind-users wrote:
On 6/12/21 11:47 PM, ToddAndMargo via bind-users wrote:
Oh but no errors and it still does not work!
# host 8.8.8.8
Host 8.8.8.8.in-addr.arpa not found: 2(SERVFAIL)
# host 8.8.8.8 8.8.4.4
Using domain server:
Name: 8.8.4.4
Address: 8.8.4.4#53
Aliases:
8.8.8.8.in-addr.arpa domain name pointer dns.google.
and nothing appeared in /var/log/messages
Tears!
Okay, now I am REALLY confused!!!
# host 8.8.8.8 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
Host 8.8.8.8.in-addr.arpa not found: 2(SERVFAIL)
This is my /etc/resolv.conf (same as in FC33):
# cat /etc/resolv.conf
# Generated by NetworkManager
search abc.local
nameserver 127.0.0.1
# nameserver 8.8.8.8
Now what ?!?!?!
A workaround is at the bottom
# host google.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
Host google.com not found: 2(SERVFAIL)
[root@rn6 etc]# systemctl status named-chroot.service
● named-chroot.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2021-06-13 01:39:12 PDT; 1min 12s ago
Process: 32167 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checki>
Process: 32170 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 32171 (named)
Tasks: 14 (limit: 19025)
Memory: 97.2M
CPU: 180ms
CGroup: /system.slice/named-chroot.service
└─32171 /usr/sbin/named -u named -c /etc/named.conf -t /var/named/chroot
Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable resolving 'com/DS/IN': 2001:503:c27::2:30#53
Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable resolving 'com/DS/IN': 2001:500:1::53#53
Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable resolving 'com/DS/IN': 2001:500:2::c#53
Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable resolving 'com/DS/IN': 2001:500:200::b#53
Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable resolving 'com/DS/IN': 2001:500:12::d0d#53
Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable resolving 'com/DS/IN': 2001:500:9f::42#53
Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable resolving 'com/DS/IN': 2001:7fd::1#53
Jun 13 01:40:05 rn6.abc.local named[32171]: validating com/DS: no valid signature found
Jun 13 01:40:05 rn6.abc.local named[32171]: no valid RRSIG resolving 'com/DS/IN': 192.36.148.17#53
Jun 13 01:40:05 rn6.abc.local named[32171]: broken trust chain resolving 'google.com/A/IN': 208.67.220.220#53
Found in /var/log/messages:
Jun 13 01:43:12 rn6 named[32171]: validating google.com/A: bad cache hit (com/DS)
Jun 13 01:43:12 rn6 named[32171]: broken trust chain resolving 'google.com/A/IN': 208.67.220.220#53
I added this to named.conf, options block:
dnssec-validation no;
and it fixed it.
How do I fix it without dnssec-validation no; ?
-T
# host google.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
google.com has address 172.217.6.78
google.com has IPv6 address 2607:f8b0:4005:80a::200e
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
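
Added example (not part of the original post, and not BIND code): a small Python triage of the named log lines quoted above, grouping them per RRset so the validation failure can be examined on its own before validation is switched off. The function name `triage` and the report keys are hypothetical names chosen for illustration.

```python
import re
from collections import defaultdict

# Subset of the named log lines quoted in the post, with wrapped lines rejoined.
SAMPLE_LOG = """\
Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable resolving 'com/DS/IN': 2001:503:c27::2:30#53
Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable resolving 'com/DS/IN': 2001:7fd::1#53
Jun 13 01:40:05 rn6.abc.local named[32171]: validating com/DS: no valid signature found
Jun 13 01:40:05 rn6.abc.local named[32171]: no valid RRSIG resolving 'com/DS/IN': 192.36.148.17#53
Jun 13 01:40:05 rn6.abc.local named[32171]: broken trust chain resolving 'google.com/A/IN': 208.67.220.220#53
Jun 13 01:43:12 rn6 named[32171]: validating google.com/A: bad cache hit (com/DS)
Jun 13 01:43:12 rn6 named[32171]: broken trust chain resolving 'google.com/A/IN': 208.67.220.220#53
"""

# "<event> resolving '<name>/<type>/IN': <server>#<port>"
RESOLVING = re.compile(
    r"named\[\d+\]: (?P<event>network unreachable|no valid RRSIG|broken trust chain)"
    r" resolving '(?P<rrset>[^']+)/IN': (?P<server>\S+)#\d+$")
# "validating <name>/<type>: <reason>"
VALIDATING = re.compile(r"named\[\d+\]: validating (?P<rrset>\S+): (?P<reason>.+)$")
KEYS = {"network unreachable": "unreachable", "no valid RRSIG": "no_valid_rrsig_from",
        "broken trust chain": "broken_chain"}


def triage(log_text):
    """Group named's messages per RRset; keep validation failures apart from reachability noise."""
    report = {key: defaultdict(set) for key in KEYS.values()}
    report.update(failed_validation=set(), blocked_by={})
    for line in log_text.splitlines():
        m = RESOLVING.search(line)
        if m:
            report[KEYS[m["event"]]][m["rrset"]].add(m["server"])
            continue
        m = VALIDATING.search(line)
        if not m:
            continue
        hit = re.fullmatch(r"bad cache hit \((.+)\)", m["reason"])
        if hit:  # named names the RRset in parentheses as a cached failure
            report["blocked_by"][m["rrset"]] = hit[1]
        elif m["reason"] == "no valid signature found":
            report["failed_validation"].add(m["rrset"])
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("failed validation:", sorted(result["failed_validation"]))
    for rrset, cause in result["blocked_by"].items():
        print(f"{rrset} blocked by cached failure of {cause}")
    for key in KEYS.values():
        for rrset, servers in result[key].items():
            print(f"{key} {rrset}: {sorted(servers)}")
```

On the quoted lines this reports com/DS as the RRset that failed validation, google.com/A as tied to the cached com/DS failure, and the IPv6 upstreams that were unreachable as a separate group from the validation events.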