Hi,
> resolv.conf must have only one search entry. And you don't want to resolve
> with google directly. So you should have :
Ok, I have the google dns commented. Although.... Now I remember why I had the
google dns in there. ;-)
For my machine to create the VPN it needs to know the ip number of the gateway.
I fixed that for now with an entry in the /etc/hosts file. :-)
>> When booting if the internal bind is not up and running yet some services
>> might need a resolver so I have 8.8.8.8 in there as well as a second dns
>> entry.
> Ensure this in services ordering (systemd or initd). It's better and safer.
> And I think it's better to get an error than a false result from bind.
Ok, I get it.
-----<Quote>-----------------
linbobo:~# rndc flush
linbobo:~# dig tio.nl NS
; <<>> DiG 9.16.37-Debian <<>> tio.nl NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49974
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 52571ae710dcd2cc010000006478463be41c8b3a2afd14a5 (good)
;; QUESTION SECTION:
;tio.nl. IN NS
;; Query time: 244 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 01 09:18:19 CEST 2023
;; MSG SIZE rcvd: 63
-----<Quote>-----------------
Hmm, no answer, that is weird.
-----<Quote>-----------------
linbobo:~# ss -nap | grep named
u_dgr UNCONN 0 0 * 17532
* 12035 users:(("named",pid=554,fd=3))
u_str ESTAB 0 0 * 17082
* 17525
users:(("named",pid=554,fd=2),("named",pid=554,fd=1))
udp UNCONN 0 0 172.16.1.138:53
0.0.0.0:* users:(("named",pid=554,fd=83))
udp UNCONN 0 0 172.16.1.138:53
0.0.0.0:* users:(("named",pid=554,fd=85))
udp UNCONN 0 0 172.16.1.138:53
0.0.0.0:* users:(("named",pid=554,fd=84))
udp UNCONN 0 0 172.16.1.138:53
0.0.0.0:* users:(("named",pid=554,fd=82))
udp UNCONN 0 0 172.16.17.1:53
0.0.0.0:* users:(("named",pid=554,fd=49))
udp UNCONN 0 0 172.16.17.1:53
0.0.0.0:* users:(("named",pid=554,fd=50))
udp UNCONN 0 0 172.16.17.1:53
0.0.0.0:* users:(("named",pid=554,fd=51))
udp UNCONN 0 0 172.16.17.1:53
0.0.0.0:* users:(("named",pid=554,fd=52))
udp UNCONN 0 0 127.0.0.1:53
0.0.0.0:* users:(("named",pid=554,fd=39))
udp UNCONN 0 0 127.0.0.1:53
0.0.0.0:* users:(("named",pid=554,fd=38))
udp UNCONN 0 0 127.0.0.1:53
0.0.0.0:* users:(("named",pid=554,fd=40))
udp UNCONN 0 0 127.0.0.1:53
0.0.0.0:* users:(("named",pid=554,fd=37))
udp UNCONN 0 0 [::1]:53
[::]:* users:(("named",pid=554,fd=60))
udp UNCONN 0 0 [::1]:53
[::]:* users:(("named",pid=554,fd=58))
udp UNCONN 0 0 [::1]:53
[::]:* users:(("named",pid=554,fd=59))
udp UNCONN 0 0 [::1]:53
[::]:* users:(("named",pid=554,fd=57))
udp UNCONN 0 0 [fe80::1e69:7aff:fe0c:65e3]%eno1:53
[::]:* users:(("named",pid=554,fd=67))
udp UNCONN 0 0 [fe80::1e69:7aff:fe0c:65e3]%eno1:53
[::]:* users:(("named",pid=554,fd=69))
udp UNCONN 0 0 [fe80::1e69:7aff:fe0c:65e3]%eno1:53
[::]:* users:(("named",pid=554,fd=70))
udp UNCONN 0 0 [fe80::1e69:7aff:fe0c:65e3]%eno1:53
[::]:* users:(("named",pid=554,fd=68))
udp UNCONN 0 0 [2a02:a45f:96c2:1:1e69:7aff:fe0c:65e3]:53
[::]:* users:(("named",pid=554,fd=66))
udp UNCONN 0 0 [2a02:a45f:96c2:1:1e69:7aff:fe0c:65e3]:53
[::]:* users:(("named",pid=554,fd=75))
udp UNCONN 0 0 [2a02:a45f:96c2:1:1e69:7aff:fe0c:65e3]:53
[::]:* users:(("named",pid=554,fd=76))
udp UNCONN 0 0 [2a02:a45f:96c2:1:1e69:7aff:fe0c:65e3]:53
[::]:* users:(("named",pid=554,fd=77))
udp UNCONN 0 0 [fe80::33bc:2b:d928:991d]%tun0:53
[::]:* users:(("named",pid=554,fd=90))
udp UNCONN 0 0 [fe80::33bc:2b:d928:991d]%tun0:53
[::]:* users:(("named",pid=554,fd=91))
udp UNCONN 0 0 [fe80::33bc:2b:d928:991d]%tun0:53
[::]:* users:(("named",pid=554,fd=92))
udp UNCONN 0 0 [fe80::33bc:2b:d928:991d]%tun0:53
[::]:* users:(("named",pid=554,fd=93))
tcp LISTEN 0 10 172.16.1.138:53
0.0.0.0:* users:(("named",pid=554,fd=87))
tcp LISTEN 0 10 172.16.1.138:53
0.0.0.0:* users:(("named",pid=554,fd=89))
tcp LISTEN 0 10 172.16.1.138:53
0.0.0.0:* users:(("named",pid=554,fd=88))
tcp LISTEN 0 10 172.16.1.138:53
0.0.0.0:* users:(("named",pid=554,fd=86))
tcp LISTEN 0 10 172.16.17.1:53
0.0.0.0:* users:(("named",pid=554,fd=53))
tcp LISTEN 0 10 172.16.17.1:53
0.0.0.0:* users:(("named",pid=554,fd=54))
tcp LISTEN 0 10 172.16.17.1:53
0.0.0.0:* users:(("named",pid=554,fd=55))
tcp LISTEN 0 10 172.16.17.1:53
0.0.0.0:* users:(("named",pid=554,fd=56))
tcp LISTEN 0 10 127.0.0.1:53
0.0.0.0:* users:(("named",pid=554,fd=41))
tcp LISTEN 0 10 127.0.0.1:53
0.0.0.0:* users:(("named",pid=554,fd=42))
tcp LISTEN 0 10 127.0.0.1:53
0.0.0.0:* users:(("named",pid=554,fd=43))
tcp LISTEN 0 10 127.0.0.1:53
0.0.0.0:* users:(("named",pid=554,fd=44))
tcp LISTEN 0 4096 127.0.0.1:953
0.0.0.0:* users:(("named",pid=554,fd=36))
tcp LISTEN 0 10 [::1]:53
[::]:* users:(("named",pid=554,fd=63))
tcp LISTEN 0 10 [::1]:53
[::]:* users:(("named",pid=554,fd=62))
tcp LISTEN 0 10 [::1]:53
[::]:* users:(("named",pid=554,fd=61))
tcp LISTEN 0 10 [::1]:53
[::]:* users:(("named",pid=554,fd=64))
tcp LISTEN 0 10 [fe80::1e69:7aff:fe0c:65e3]%eno1:53
[::]:* users:(("named",pid=554,fd=71))
tcp LISTEN 0 10 [fe80::1e69:7aff:fe0c:65e3]%eno1:53
[::]:* users:(("named",pid=554,fd=72))
tcp LISTEN 0 10 [fe80::1e69:7aff:fe0c:65e3]%eno1:53
[::]:* users:(("named",pid=554,fd=74))
tcp LISTEN 0 10 [fe80::1e69:7aff:fe0c:65e3]%eno1:53
[::]:* users:(("named",pid=554,fd=73))
tcp LISTEN 0 10 [2a02:a45f:96c2:1:1e69:7aff:fe0c:65e3]:53
[::]:* users:(("named",pid=554,fd=78))
tcp LISTEN 0 10 [2a02:a45f:96c2:1:1e69:7aff:fe0c:65e3]:53
[::]:* users:(("named",pid=554,fd=80))
tcp LISTEN 0 10 [2a02:a45f:96c2:1:1e69:7aff:fe0c:65e3]:53
[::]:* users:(("named",pid=554,fd=81))
tcp LISTEN 0 10 [2a02:a45f:96c2:1:1e69:7aff:fe0c:65e3]:53
[::]:* users:(("named",pid=554,fd=79))
tcp LISTEN 0 10 [fe80::33bc:2b:d928:991d]%tun0:53
[::]:* users:(("named",pid=554,fd=94))
tcp LISTEN 0 10 [fe80::33bc:2b:d928:991d]%tun0:53
[::]:* users:(("named",pid=554,fd=96))
tcp LISTEN 0 10 [fe80::33bc:2b:d928:991d]%tun0:53
[::]:* users:(("named",pid=554,fd=95))
tcp LISTEN 0 10 [fe80::33bc:2b:d928:991d]%tun0:53
[::]:* users:(("named",pid=554,fd=97))
tcp LISTEN 0 4096 [::1]:953
[::]:* users:(("named",pid=554,fd=65))
linbobo:~#
-----<Quote>-----------------
172.16.17.1 is my machine
Same for the 2 ipv6 addresses
172.16.1.138 is my side of the VPN tunnel
From syslog after dig tio.nl NS
-----<Quote>-----------------
Jun 1 09:25:45 linbobo named[554]: validating tio.nl/NS: got insecure response; parent indicates it should be secure
Jun 1 09:25:45 linbobo named[554]: insecurity proof failed resolving 'tio.nl/NS/IN': 172.16.128.40#53
Jun 1 09:25:45 linbobo named[554]: validating tio.nl/NS: got insecure response; parent indicates it should be secure
Jun 1 09:25:45 linbobo named[554]: insecurity proof failed resolving 'tio.nl/NS/IN': 172.16.208.10#53
-----<Quote>-----------------
It is still weird. What else can we try? Is there something we can do to see
what it IS getting back so we can compare it with what it should be?
I even just now tried
-----<Quote>-----------------
linbobo:/var/cache/bind# service named stop
linbobo:/var/cache/bind# ll
total 3300
-rw-r--r-- 1 bind bind 821 Jun 1 09:16 managed-keys.bind
-rw-r--r-- 1 bind bind 1856 Jun 1 09:16 managed-keys.bind.jnl
-rw-r--r-- 1 bind bind 3367966 May 8 11:37 named_dump.db
linbobo:/var/cache/bind# rm *
linbobo:/var/cache/bind# service named start
linbobo:/var/cache/bind# dig tio.nl NS
-----<Quote>-----------------
But still same result. :-(
Bonno Bloksma
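
Added example, not part of the original message: a small Python parser that groups named's DNSSEC validation failures from syslog by query name and by the upstream server that supplied the unsigned answer, and marks whether that server sits on a private address. The names `summarize` and `SAMPLE_LOG` are assumptions of this example; the first four sample lines are the syslog lines quoted in the message, the fifth is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Lines 1-4: syslog lines from the message above. Line 5: constructed,
# to show that unrelated named entries are ignored.
SAMPLE_LOG = """\
Jun 1 09:25:45 linbobo named[554]: validating tio.nl/NS: got insecure response; parent indicates it should be secure
Jun 1 09:25:45 linbobo named[554]: insecurity proof failed resolving 'tio.nl/NS/IN': 172.16.128.40#53
Jun 1 09:25:45 linbobo named[554]: validating tio.nl/NS: got insecure response; parent indicates it should be secure
Jun 1 09:25:45 linbobo named[554]: insecurity proof failed resolving 'tio.nl/NS/IN': 172.16.208.10#53
Jun 1 09:25:46 linbobo named[554]: zone example.test/IN: loaded serial 1
"""

# The validator saw an unsigned answer although the parent zone publishes a DS.
VALIDATING = re.compile(
    r"named\[\d+\]: validating (\S+)/(\w+): got insecure response; "
    r"parent indicates it should be secure")
# The resolver names the server whose answer failed the insecurity proof.
FAILED = re.compile(
    r"named\[\d+\]: insecurity proof failed resolving "
    r"'([^/']+)/(\w+)/\w+': (\S+)#(\d+)")


def summarize(log_text):
    """Map (name, rrtype) -> count of unsigned answers and {server: is_private}."""
    report = defaultdict(lambda: {"unsigned_answers": 0, "servers": {}})
    for line in log_text.splitlines():
        m = VALIDATING.search(line)
        if m:
            report[(m.group(1), m.group(2))]["unsigned_answers"] += 1
            continue
        m = FAILED.search(line)
        if m:
            name, rrtype, addr, _port = m.groups()
            try:
                private = ipaddress.ip_address(addr).is_private
            except ValueError:      # not an IP literal; keep it, unclassified
                private = None
            report[(name, rrtype)]["servers"][addr] = private
    return dict(report)


if __name__ == "__main__":
    for (name, rrtype), info in summarize(SAMPLE_LOG).items():
        print(f"{name}/{rrtype}: {info['unsigned_answers']} unsigned answer(s)")
        for addr, private in sorted(info["servers"].items()):
            print(f"  from {addr} ({'private' if private else 'public/unknown'})")
```

To look at the unvalidated answer itself, `dig +cd +dnssec tio.nl NS @127.0.0.1` sets the checking-disabled bit so named returns what it received instead of SERVFAIL.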

