Re: F32 bind9 split dns debug

2020-11-20 Thread Tim via users
On Fri, 2020-11-20 at 11:34 +, J.Witvliet--- via users wrote: > Perhaps I overlooked, but I miss one line. > About “query” > > I have also: > allow-query { 0.0.0.0/0; ::1/128; 2001:470::/32; }; > > Perhaps allow-query { any; }; would be sufficient... Inside my options I have allow-query { an

Re: F32 bind9 split dns debug

2020-11-20 Thread J.Witvliet--- via users
31:31 To: "users@lists.fedoraproject.org" <users@lists.fedoraproject.org> Cc: "Tim" <ignored_mail...@yahoo.com.au> Subject: Re: F32 bind9 split dns debug On Thu, 2020-11-19 at 11:15 -0800, Jack Craig wrote: > your below has resulted na god external.

Re: F32 bind9 split dns debug

2020-11-19 Thread Tim via users
On Thu, 2020-11-19 at 11:15 -0800, Jack Craig wrote: > your below has resulted na god external.view, but my internal.db > keeps giving out of zone errors. > do you have input for the internal view as you did for external view? > what am i missing? I've done the following tests on my name server:

Re: F32 bind9 split dns debug

2020-11-19 Thread Tim via users
On Thu, 2020-11-19 at 11:15 -0800, Jack Craig wrote: > my internal.db keeps giving out of zone errors. do you have input for > the internal view as you did for external view? what am i missing? Asking the obvious questions: Are you restarting the named service after you've made changes to configu

Re: F32 bind9 split dns debug

2020-11-19 Thread Jack Craig
On Sat, Nov 14, 2020 at 9:12 PM Tim via users wrote: > On Sat, 2020-11-14 at 11:33 -0800, Jack Craig wrote: > > zone: /var/named/internal > > > > > > internal. 86400 IN SOA ws.linuxlighthouse.com. > > root.linuxlighthouse.com. 2020101601 86400 3600 604800 86400 > > internal. 86400 IN NS

Re: F32 bind9 split dns debug

2020-11-15 Thread Jack Craig
nity support for Fedora users" > *Subject:* Re: F32 bind9 split dns debug > > is there an easier way to verify a port access to internal host besides > wireshark & tcpdump? > > On Sat, Nov 14, 2020 at 11:51 AM Jack Craig > wrote: > >> >> >> On Sa

Re: F32 bind9 split dns debug

2020-11-15 Thread Jack Craig
i am still working to take all this in, Thank You for this time/wisdom... On Sat, Nov 14, 2020 at 9:12 PM Tim via users wrote: > On Sat, 2020-11-14 at 11:33 -0800, Jack Craig wrote: > > zone: /var/named/internal > > > > > > internal. 86400 IN SOA ws.linuxlighthouse.com. > > root.linuxlighth

Re: F32 bind9 split dns debug

2020-11-15 Thread J.Witvliet--- via users
How about: “lsof -i -n -P” From: "Jack Craig" <jack.craig.ap...@gmail.com> Date: Saturday, 14 November 2020 at 21:11:39 To: "Community support for Fedora users" <users@lists.fedoraproject.org> Subject: Re: F32 bind9 split dns debug is there an ea

Re: F32 bind9 split dns debug

2020-11-14 Thread Tim via users
On Sat, 2020-11-14 at 11:33 -0800, Jack Craig wrote: > zone: /var/named/internal > > > internal. 86400 IN SOA ws.linuxlighthouse.com. > root.linuxlighthouse.com. 2020101601 86400 3600 604800 86400 > internal. 86400 IN NS ws.internal. > internal. 86400 IN A 108.220.213.121 > interna

Re: F32 bind9 split dns debug

2020-11-14 Thread Jack Craig
i want to thank all the wizards that guided me toward a working dns. i have struggled with this setup for weeks now; on to https & dnssec. again, Thank You Very Much!! On Sat, Nov 14, 2020 at 12:19 PM Tim via users < users@lists.fedoraproject.org> wrote: > On Sat, 2020-11-14 at 11:33 -0800, Jac

Re: F32 bind9 split dns debug

2020-11-14 Thread Tim via users
On Sat, 2020-11-14 at 11:33 -0800, Jack Craig wrote: > zone: /var/named/internal > > > internal. 86400 IN SOA ws.linuxlighthouse.com. > root.linuxlighthouse.com. 2020101601 86400 3600 604800 86400 > internal. 86400 IN NS ws.internal. > internal. 86400 IN A 108.220.213.121 > interna

Re: F32 bind9 split dns debug

2020-11-14 Thread Jack Craig
is there an easier way to verify a port access to internal host besides wireshark & tcpdump? On Sat, Nov 14, 2020 at 11:51 AM Jack Craig wrote: > > > On Sat, Nov 14, 2020 at 11:33 AM Jack Craig > wrote: > >> >> this part looked ok to me, but i am not sure. >> > > now seeing higher throughput, b

Re: F32 bind9 split dns debug

2020-11-14 Thread Jack Craig
On Sat, Nov 14, 2020 at 11:33 AM Jack Craig wrote: > > this part looked ok to me, but i am not sure. > now seeing higher throughput, but still got... 14-Nov-2020 11:28:20.993 query-errors: info: client @0x7fc8601c9760 52.183.97.231#63450 (linuxlighthouse.com): view external-wan-view: query fail

Re: F32 bind9 split dns debug

2020-11-14 Thread Jack Craig
this part looked ok to me, but i am not sure. On Sat, Nov 14, 2020 at 6:32 AM Jack Craig wrote: > gives me zones like,... > zone: /var/named/linuxlighthouse.com (external) linuxlighthouse.com. 86400 IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. 2020101601 86400 3600 604800 86

Re: F32 bind9 split dns debug

2020-11-14 Thread Greg Woods
On Fri, Nov 13, 2020 at 11:13 PM Tim via users < users@lists.fedoraproject.org> wrote: > On Fri, 2020-11-13 at 13:38 -0800, Jack Craig wrote: > > > forwarders { > > 8.8.8.8; > > 8.8.4.4; > > }; > > I found when I tried using forwarders, that all quer

Re: F32 bind9 split dns debug

2020-11-14 Thread Jack Craig
gives me zones like,... zone: /var/named/linuxlighthouse.com (external) linuxlighthouse.com. 86400 IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. 2020101601 86400 3600 604800 86400 linuxlighthouse.com. 86400 IN NS ws.linuxlighthouse.com. linuxlighthouse.com. 86400 IN A 1

Re: F32 bind9 split dns debug

2020-11-14 Thread Jack Craig
well, if it's not my config file it must be in these ... internal.db linuxlighthouse.com.db 213.220.108.in-addr.arpa ; $include "/var/named/linuxlighthouse.com.db" @ IN A 10.0.0.1 ws IN A 10.0.0.101 www IN A

Re: F32 bind9 split dns debug

2020-11-14 Thread Tim via users
On Sat, 2020-11-14 at 14:16 +0100, Petr Menšík wrote: > Wait, what is BIND version you are trying to use? > > http://linuxlighthouse.com should never show in a DNS, or I did not > ever > seen it in bind logs. What is exactly command used for the query? URL > should not be there, only most recent d

Re: F32 bind9 split dns debug

2020-11-14 Thread Jack Craig
On Fri, Nov 13, 2020 at 10:12 PM Tim via users < users@lists.fedoraproject.org> wrote: > On Fri, 2020-11-13 at 13:38 -0800, Jack Craig wrote: > > current named.conf > > > > options > > { > > // Put files that named is allowed to write in the data/ > directory: > > directory

Re: F32 bind9 split dns debug

2020-11-14 Thread Petr Menšík
Wait, what is BIND version you are trying to use? http://linuxlighthouse.com should never show in a DNS, or I did not ever seen it in bind logs. What is exactly command used for the query? URL should not be there, only most recent development version should have support for DNS over HTTPS. I admit

Re: F32 bind9 split dns debug

2020-11-13 Thread Tim via users
On Fri, 2020-11-13 at 13:38 -0800, Jack Craig wrote: > current named.conf > > options > { > // Put files that named is allowed to write in the data/ directory: > directory "/var/named"; // "Working" directory > dump-file "data/cache_dum

Re: F32 bind9 split dns debug

2020-11-13 Thread Jack Craig
first, a hearty Thanks for your responses to date. I have tried to apply the suggested changes, but it's not changed the initial behaviour. so i am still missing something... additional suggestions. i am going to look at host, who, whois, nslookup for more info, thx, jackc... *default.log:13-No

Re: F32 bind9 split dns debug

2020-11-13 Thread Petr Menšík
Hi Jack, On 11/13/20 8:02 AM, Jack Craig wrote: > hi all, > any dns pros in the house?? > > i am trying to debug a split view dns. > i am using F32 & bind9 where i have internal & external views. > > internal network 10.0.0.0/24, external 108.220.213.120/29 > > what i think i am seeing is a ref

Re: F32 bind9 split dns debug

2020-11-13 Thread Tim via users
Jack Craig: >>> listen-on port 53 { localhost; }; >>> listen-on-v6 port 53 { any; }; Tim: >> Unless I missed something, elsewhere, your IPv4 connections can only >> come from localhost. Jack Craig: > i am sure i am the one missing something. you are suggesting listen > on external ip? > >

Re: F32 bind9 split dns debug

2020-11-13 Thread Jack Craig
On Fri, Nov 13, 2020 at 1:55 AM Tim via users wrote: > On Thu, 2020-11-12 at 23:02 -0800, Jack Craig wrote: > > listen-on port 53 { localhost; }; > > listen-on-v6 port 53 { any; }; > > Unless I missed something, elsewhere, your IPv4 connections can only > come from localhost. > i am sure i

Re: F32 bind9 split dns debug

2020-11-13 Thread Tim via users
On Thu, 2020-11-12 at 23:02 -0800, Jack Craig wrote: > listen-on port 53 { localhost; }; > listen-on-v6 port 53 { any; }; Unless I missed something, elsewhere, your IPv4 connections can only come from localhost. -- uname -rsvp Linux 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 U

Re: F32 bind9 split dns debug

2020-11-12 Thread Jack Craig
dig @localhost linuxlighthouse.com ns
; <<>> DiG 9.11.23-RedHat-9.11.23-1.fc32 <<>> @localhost linuxlighthouse.com ns
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- o

Re: F32 bind9 split dns debug

2020-11-12 Thread J.Witvliet--- via users
The allow-query { internals; } might be something worth tinkering From: "Jack Craig" <jack.craig.ap...@gmail.com> Date: Friday, 13 November 2020 at 08:03:43 To: "Community support for Fedora users" <users@lists.fedoraproject.org> Subject: F32

F32 bind9 split dns debug

2020-11-12 Thread Jack Craig
hi all, any dns pros in the house?? i am trying to debug a split view dns. i am using F32 & bind9 where i have internal & external views. internal network 10.0.0.0/24, external 108.220.213.120/29 what i think i am seeing is a refusal of query, but Why?? where can i find a query_log print-severi