Re: reload but the old value linger

2020-11-21 Thread Matus UHLAR - fantomas

On 21.11.20 00:18, Boylan, Ross wrote:

> My fix for the DNS lookup problems I reported a few days ago, based on help
> here, seems to mostly work.  But there is one oddity.  When the tunnel
> goes down I comment out the special handling for the zone I reach through
> the tunnel and reload the server.  But my DNS queries return the same
> internal IP number I got before, at least for awhile.
>
> Since I can't reach the remote machine anyway, this is probably a pretty
> minor problem, but I'd like to understand what's going on and how I might
> fix it.
>
> My theory is that reloading (via rndc reload) does not clear the cache, and
> that my queries just get the cached value until they expire.  Is that
> plausible?

yes.

> If that is the problem, would rndc flushtree ucsf.edu inside remove the no
> longer valid values from the cache?  ucsf.edu is the domain for which I
> forward, and it is accessible from the "inside" view.

yes.

> - ucsf.conf.tunnel
> zone "ucsf.edu" {
>     type forward;
>     forwarders {10.10.10.10;};
> };



The nameserver doesn't resolve records that are in the cache and still
valid.

This section is thus used only when it has to resolve under ucsf.edu
something that is not in cache.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #9: Out of error messages.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
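
The behaviour confirmed in the reply above, as an added example that is not part of the original thread: a small Python model (not BIND code) of a cache that survives a configuration reload and is only cleared for one subtree by a flush. The class, host names and the addresses 10.20.30.40 and 192.0.2.7 are constructed for illustration.

```python
import time

class CacheModel:
    """Toy resolver: a TTL cache in front of a set of forward zones."""
    def __init__(self, now=time.time):
        self.now = now
        self.cache = {}      # owner name -> (address, absolute expiry time)
        self.forward = {}    # forward zone -> (address the forwarder returns, ttl)

    def resolve(self, name):
        name = name.lower().rstrip(".")
        hit = self.cache.get(name)
        if hit and hit[1] > self.now():
            return hit[0], "cache"       # still valid: the zone config is never consulted
        for zone, (addr, ttl) in self.forward.items():
            if name == zone or name.endswith("." + zone):
                self.cache[name] = (addr, self.now() + ttl)
                return addr, "forwarder"
        return None, "normal recursion"

    def reload(self, forward):
        """Models `rndc reload`: new configuration, cache left untouched."""
        self.forward = dict(forward)

    def flushtree(self, domain):
        """Models `rndc flushtree`: drop the name and everything below it."""
        domain = domain.lower().rstrip(".")
        # Match on a label boundary so notucsf.edu is not caught by ucsf.edu.
        doomed = [n for n in self.cache if n == domain or n.endswith("." + domain)]
        for n in doomed:
            del self.cache[n]
        return sorted(doomed)

def demo():
    clock = [0.0]
    m = CacheModel(now=lambda: clock[0])
    m.reload({"ucsf.edu": ("10.20.30.40", 300)})    # tunnel up, forward zone active
    steps = [m.resolve("host.ucsf.edu")]            # answered by forwarder, cached 300 s
    m.cache["notucsf.edu"] = ("192.0.2.7", 300.0)   # unrelated cached name
    m.reload({})                                    # tunnel down, forward zone commented out
    clock[0] = 60.0
    steps.append(m.resolve("host.ucsf.edu"))        # old internal answer lingers
    flushed = m.flushtree("ucsf.edu")
    steps.append(m.resolve("host.ucsf.edu"))        # now resolved the ordinary way
    return steps, flushed, "notucsf.edu" in m.cache
```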


Servfail on Bind -9.16.1

2020-11-21 Thread upen
Hello,
I just installed a simple caching Bind9 using the package provided by
Ubuntu 20.04(64bit) OS.

I am not able to look up domains successfully and getting SERVFAILs

$ dig @127.0.0.1 -t A facebook.com

; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.1 -t A facebook.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53918
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: fed86438ea8e1ae001005fb97d690fedfa8d92731165 (good)
;; QUESTION SECTION:
;facebook.com.  IN  A

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Nov 21 14:49:45 CST 2020
;; MSG SIZE  rcvd: 69

$ dig @127.0.0.1 -t A yahoo.com

; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.1 -t A yahoo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20121
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: dc35adc3d416442701005fb97d6d9b599c886356e697 (good)
;; QUESTION SECTION:
;yahoo.com. IN  A

;; Query time: 224 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Nov 21 14:49:49 CST 2020
;; MSG SIZE  rcvd: 66


# cat /etc/bind/named.conf.options
acl whitelist {
127.0.0.1;
localhost;
};

options {
directory "/var/cache/bind";
recursion yes;
allow-query { whitelist; };
allow-recursion { whitelist ; };
querylog yes;
};

# ps -ef | grep named
bind        3260       1  0 14:31 ?        00:00:00 /usr/sbin/named -f -4 -u bind

Could someone guide me to troubleshoot this further? Thank you for the
list.

Thanks,
Upen


Re: Servfail on Bind -9.16.1

2020-11-21 Thread alcol alcol
are not FQDN ...

maybe www.facebook.com not only facebook.com
only facebook.com could be referenced with an A record but maybe not

www.facebook.com is a right query






Re: Servfail on Bind -9.16.1

2020-11-21 Thread Anand Buddhdev
On 21/11/2020 21:53, upen wrote:

Hi Upen,

> Could you someone guide me to troubleshoot this further? Thank you for the
> list.

Your instance of BIND is probably logging to syslog. Look for these logs
(usually /var/log/messages), and see what BIND is logging. It may shed a
light on the problem.

Regards,
Anand


Re: Servfail on Bind -9.16.1

2020-11-21 Thread upen
Hello Anand, and all,

>www.facebook.com
$ dig @127.0.0.1 -t A www.facebook.com

; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.1 -t A www.facebook.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38917
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: a18d9ed2a6d1bcd601005fb982763dfdafed174d4ef1 (good)
;; QUESTION SECTION:
;www.facebook.com.  IN  A

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Nov 21 15:11:18 CST 2020
;; MSG SIZE  rcvd: 73

>  Your instance of BIND is probably logging to syslog. Look for these logs
> (usually /var/log/messages), and see what BIND is logging. It may shed a
> light on the problem.

Thank you. I enabled logging and when I grep for www.facebook.com, I
notice the following output from four different log files named.

debug.log:21-Nov-2020 15:11:18.004 queries: info: client @0x7fb6a800c0a0 127.0.0.1#33706 (www.facebook.com): query: www.facebook.com IN A +E(0)K (127.0.0.1)
default.log:21-Nov-2020 15:11:18.008 client @0x7fb6a800c0a0 127.0.0.1#33706 (www.facebook.com): query failed (broken trust chain) for www.facebook.com/IN/A at query.c:6883
dnssec.log:21-Nov-2020 15:11:18.008 validating www.facebook.com/CNAME: bad cache hit (com/DS)
lame-servers.log:21-Nov-2020 15:11:18.008 broken trust chain resolving 'www.facebook.com/A/IN': 129.134.31.12#53


Before running this query I also added dnssec-validation auto; to the
options file and restarted the bind9 service. It's pointing to a broken
trust chain which I am unsure how to resolve.

Thanks,
Upen



-- 
upen,
emerge -uD life (Upgrade Life with dependencies)
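
The log correlation done by hand in the message above, as an added example that is not part of the original thread: a Python sketch that groups the four grepped lines by query name and pulls out the failure reason, the record the validator tripped on, and the upstream server. It assumes the `file:timestamp message` shape that grep across several log files produces, as in the post; the regular expressions cover only the message types shown there.

```python
import re

# The four log lines quoted in the post above, with the mail line wraps undone.
LOGS = """\
debug.log:21-Nov-2020 15:11:18.004 queries: info: client @0x7fb6a800c0a0 127.0.0.1#33706 (www.facebook.com): query: www.facebook.com IN A +E(0)K (127.0.0.1)
default.log:21-Nov-2020 15:11:18.008 client @0x7fb6a800c0a0 127.0.0.1#33706 (www.facebook.com): query failed (broken trust chain) for www.facebook.com/IN/A at query.c:6883
dnssec.log:21-Nov-2020 15:11:18.008 validating www.facebook.com/CNAME: bad cache hit (com/DS)
lame-servers.log:21-Nov-2020 15:11:18.008 broken trust chain resolving 'www.facebook.com/A/IN': 129.134.31.12#53
"""

LINE = re.compile(r"^(?P<file>[\w.-]+\.log):(?P<ts>\S+ \S+) (?P<msg>.*)$")
FAILED = re.compile(r"\((?P<name>[^)]+)\): query failed \((?P<reason>[^)]+)\)")
VALIDATING = re.compile(r"validating (?P<name>[^/\s]+)/\w+: (?P<detail>.+)")
UPSTREAM = re.compile(r"resolving '(?P<name>[^/]+)/[^']*': (?P<server>[\da-fA-F.:]+)#\d+")
BAD_HIT = re.compile(r"bad cache hit \((?P<owner>[^/]+)/(?P<rtype>\w+)\)")

def diagnose(text):
    """Group failure-related log lines by query name."""
    report = {}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue                         # not a grep-prefixed log line
        for rx in (FAILED, VALIDATING, UPSTREAM):
            m = rx.search(line["msg"])
            if not m:
                continue                     # plain query-log lines match nothing here
            g = m.groupdict()
            entry = report.setdefault(g["name"], {
                "reason": None, "broken_at": None, "above_query": None,
                "servers": [], "sources": []})
            entry["sources"].append(line["file"])
            if "reason" in g:
                entry["reason"] = g["reason"]
            if "server" in g:
                entry["servers"].append(g["server"])
            hit = BAD_HIT.search(g.get("detail") or "")
            if hit:
                entry["broken_at"] = f'{hit["owner"]}/{hit["rtype"]}'
                # An owner that is an ancestor of the query name means the chain
                # broke above the name being looked up, not at the name itself.
                entry["above_query"] = g["name"].endswith("." + hit["owner"])
    return report
```

For these lines the report names `com/DS` as the record the validator could not use, which is above `www.facebook.com` in the delegation chain.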


Re: Servfail on Bind -9.16.1

2020-11-21 Thread upen
>packet capture (at a later point)
https://dpaste.com/6FYQ4986D


Re: Servfail on Bind -9.16.1

2020-11-21 Thread Fred Morris
Check your clock. Have you got NTP turned on? Is it working? If it's not, 
flush cache/restart before you test again.


--

Fred Morris



Re: Servfail on Bind -9.16.1

2020-11-21 Thread upen
On Sat, Nov 21, 2020 at 3:45 PM Fred Morris  wrote:

> Check your clock. Have you got NTP turned on? Is it working? If it's not,
> flush cache/restart before you test again.

Thank you Fred,
Checked the time service, it's synced unless I am missing something.

timedatectl timesync-status
       Server: 91.189.89.198 (ntp.ubuntu.com)
Poll interval: 4min 16s (min: 32s; max 34min 8s)
         Leap: normal
      Version: 4
      Stratum: 2
    Reference: 91EECB0E
    Precision: 1us (-23)
Root distance: 40.389ms (max: 5s)
       Offset: -4.216ms
        Delay: 88.989ms
       Jitter: 6.149ms
 Packet count: 4
    Frequency: +49.968ppm

Thank you,
Upen