On Tue, 2017-09-19 at 07:45 -0500, David Jones wrote:
> On 09/18/2017 06:03 PM, Chris wrote:

[snip]

> >
> > localhost dnsmasq[2323]: started, version 2.75 cachesize 150
> > localhost dnsmasq[2323]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
> > localhost dnsmasq-dhcp[2323]: DHCP, IP range 192.168.122.2 -- 192.168.122.254, lease time 1h
> > localhost dnsmasq-dhcp[2323]: DHCP, sockets bound exclusively to interface virbr0
> > localhost dnsmasq[2323]: reading /etc/resolv.conf
> > localhost dnsmasq[2323]: using nameserver 127.0.0.1#53
> > localhost dnsmasq[2323]: using nameserver 127.0.0.1#53
> > localhost dnsmasq[2323]: read /etc/hosts - 7 addresses
> > localhost dnsmasq[2323]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
> > localhost dnsmasq-dhcp[2323]: read /var/lib/libvirt/dnsmasq/default.hostsfile
> >
> > I'm not really running a mail server in the true sense of the word I
> > believe. Fetchmail queries my email accounts and pipes the messages
> > through procmail. Anything that doesn't already have a recipe is run
> > through SA. I'm just using Bind to speed up the queries that SA makes.
> > I believe I'm stating that correctly but who knows could be way off.
> >
> > If I can give any other information I'll be glad to do it. Again, I
> > have no idea why the queries are going to 168.150.251.35. There hasn't
> > been another query to isipp since a bit after noon. I'll see what
> > happens the next time there is one.
> >
> Run 'netstat -tunlap | grep ":53 "' and see what is listening on port 53
> as your DNS server. You probably need to remove/uninstall dnsmasq.
>
> Here's my output:
>
> # netstat -tunlap | grep ":53 "
> tcp        0      0 127.0.0.1:53      0.0.0.0:*      LISTEN      24019/pdns_recursor
> udp        0      0 127.0.0.1:53      0.0.0.0:*                  24019/pdns_recursor
>
> Once you know you are only running named on port 53, then make sure your
> named.conf doesn't have any forwarders defined in the options section.
>
> Now check your logs and see if you are still getting a lot of refused
> responses. BIND should be doing full recursive lookups directly to the
> authoritative DNS servers just like you saw with the "dig +trace"
> command.
>
David, here's my output. I ran as sudo to see all inclusive:

sudo netstat -tunlap | grep ":53"
[sudo] password for chris:
tcp        0      0 192.168.122.1:53      0.0.0.0:*          LISTEN      1245/named
tcp        0      0 127.0.1.1:53          0.0.0.0:*          LISTEN      1316/dnsmasq
tcp        0      0 192.168.0.51:53       0.0.0.0:*          LISTEN      1245/named
tcp        0      0 127.0.0.1:53          0.0.0.0:*          LISTEN      1245/named
tcp        0      0 192.168.0.51:56697    192.52.178.30:53   TIME_WAIT   -
tcp        1      1 192.168.0.51:33475    198.97.190.53:53   CLOSING     -
tcp        0      0 192.168.0.51:52483    192.5.6.30:53      TIME_WAIT   -
tcp        0      0 192.168.0.51:57335    192.5.6.30:53      TIME_WAIT   -
tcp        0      0 192.168.0.51:56609    192.52.178.30:53   TIME_WAIT   -
tcp        0      0 192.168.0.51:36143    199.19.56.1:53     TIME_WAIT   -
tcp        0      0 192.168.0.51:47629    199.7.83.42:53     TIME_WAIT   -
tcp        0      0 192.168.0.51:58201    192.48.79.30:53    TIME_WAIT   -
tcp        0      0 192.168.0.51:53145    199.19.56.1:53     TIME_WAIT   -
tcp        0      0 192.168.0.51:55073    199.7.83.42:53     TIME_WAIT   -
tcp        0      0 192.168.0.51:41719    192.48.79.30:53    TIME_WAIT   -
tcp        1      1 192.168.0.51:40633    198.97.190.53:53   CLOSING     -
udp        0      0 192.168.122.1:53      0.0.0.0:*                      2323/dnsmasq
udp        0      0 192.168.122.1:53      0.0.0.0:*                      1245/named
udp        0      0 127.0.1.1:53          0.0.0.0:*                      1316/dnsmasq
udp        0      0 192.168.0.51:53       0.0.0.0:*                      1245/named
udp        0      0 127.0.0.1:53          0.0.0.0:*                      1245/named
udp        0      0 0.0.0.0:5353          0.0.0.0:*                      1533/snapweb
udp        0      0 0.0.0.0:5353          0.0.0.0:*                      1004/avahi-daemon:
udp6       0      0 :::5353               :::*                           1533/snapweb
udp6       0      0 :::5353               :::*                           1004/avahi-daemon:

Chris

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
08:12:33 up 15:51, 1 user, load average: 0.36, 0.71, 0.55
Description:    Ubuntu 16.04.3 LTS, kernel 4.10.0-35-generic
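Added example, not part of the thread or written by either poster: the "what is listening on port 53" check from the message above, done by matching the local port field exactly so that mDNS sockets on 5353 and outbound connections to remote port 53 are left out. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sockets bound to local port 53 in `netstat -tunlap`
# output and count the distinct daemons holding them.

# dns_listeners: reads netstat -tunlap text on stdin and prints
# "proto local-address program" for each bound socket on local port 53.
dns_listeners() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, part, ":")     # local address; port is the last ":" field
            if (part[n] != "53") next    # skips 5353 (mDNS) and ephemeral client ports
            if ($5 !~ /:\*$/) next       # foreign "addr:*" means bound, not a connection
            prog = $NF
            sub(/^[0-9]+\//, "", prog)   # drop the PID, keep the program name
            print $1, $4, prog
        }'
}

# dns_daemon_count: number of distinct programs bound to port 53.
dns_daemon_count() {
    dns_listeners | awk '{ seen[$3] = 1 } END { n = 0; for (p in seen) n++; print n }'
}

# Constructed sample, shaped like the netstat output quoted in the message.
SAMPLE='tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1245/named
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 1316/dnsmasq
tcp 0 0 192.168.0.51:56697 192.52.178.30:53 TIME_WAIT -
udp 0 0 127.0.0.1:53 0.0.0.0:* 1245/named
udp 0 0 0.0.0.0:5353 0.0.0.0:* 1004/avahi-daemon:
udp6 0 0 :::5353 :::* 1004/avahi-daemon:'

printf '%s\n' "$SAMPLE" | dns_listeners
if [ "$(printf '%s\n' "$SAMPLE" | dns_daemon_count)" -gt 1 ]; then
    echo "more than one daemon is bound to port 53"
fi
```

On a live host the same functions take real input: sudo netstat -tunlap | dns_listeners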