• No response from localhost with "allow-query { any; };"

    From Axel Rau@21:1/5 to All on Tue Sep 1 16:11:28 2020
    Hi!

    this is a new server, which answers external queries, sends notifies and pushes axfrs.
    It does not answer any query from localhost nor shows any notifies from master in the logs.

    From local:
    root@ns5:/ # nc -v localhost 53
    Connection to localhost 53 port [tcp/domain] succeeded!
    ^C
    root@ns5:/ # nc -vu localhost 53
    Connection to localhost 53 port [udp/domain] succeeded!

    From master server:
    [hermes:local/etc/namedb] root# nc -v ns5.lrau.net 53
    Connection to ns5.lrau.net 53 port [tcp/domain] succeeded!
    ^C
    [hermes:local/etc/namedb] root# nc -vu ns5.lrau.net 53
    Connection to ns5.lrau.net 53 port [udp/domain] succeeded!


    Any help greatly appreciated,
    Axel

    PS:

    part of named.conf:
    allow-notify {
    hermes-ns5;
    };
    allow-transfer {
    full-trusted;
    ns5-ping;
    ns4-he;
    management-hosts;
    };
    allow-query { any; };
    allow-query-cache { recursive-users; };
    allow-recursion { recursive-users; };


    root@ns5:/usr/local/etc/namedb/working/slave # named -V
    BIND 9.16.5 (Stable Release) <id:c00b458>
    running on FreeBSD amd64 12.1-RELEASE-p8 FreeBSD 12.1-RELEASE-p8 GENERIC
    built by make with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--disable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--with-libidn2=/usr/local' '--with-json-c' '--disable-largefile' '--with-lmdb=/usr/local' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--enable-tcp-fastopen' '--with-tuning=default' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.1' 'build_alias=amd64-portbld-freebsd12.1' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
    compiled by CLANG 4.2.1 Compatible FreeBSD Clang 8.0.1 (tags/RELEASE_801/final 366581)
    compiled with OpenSSL version: OpenSSL 1.1.1d-freebsd 10 Sep 2019
    linked to OpenSSL version: OpenSSL 1.1.1d-freebsd 10 Sep 2019
    compiled with libxml2 version: 2.9.10
    linked to libxml2 version: 20910
    compiled with json-c version: 0.14
    linked to json-c version: 0.15
    compiled with zlib version: 1.2.11
    linked to zlib version: 1.2.11
    threads support is enabled

    default paths:
    named configuration: /usr/local/etc/namedb/named.conf
    rndc configuration: /usr/local/etc/namedb/rndc.conf
    DNSSEC root key: /usr/local/etc/namedb/bind.keys
    nsupdate session key: /var/run/named/session.key
    named PID file: /var/run/named/pid
    named lock file: /var/run/named/named.lock

    ---
    PGP-Key: CDE74120 ☀ computing @ chaos claudius



    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Ondřej Surý@21:1/5 to Axel Rau on Tue Sep 1 16:14:27 2020
    Copy: [email protected]

    Hi Axel,

    the `nc` commands you used for testing prove neither that
    it’s that specific `named` listening on that port nor that it’s a DNS
    daemon at all. FWIW it could be a dummy UDP/TCP server
    and you would not know.

    First you need to use a tool from your operating system
    to check what is listening on those ports, and then use
    `dig` (or other DNS debugging tool) to send actual DNS
    queries.

    Ondrej
    --
    Ondřej Surý (He/Him)
    [email protected]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
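
The check Ondřej describes, as an added example (not code from the thread or from BIND): a Python probe that sends a real DNS query over UDP and over TCP separately and only counts a reply that echoes the query ID with the QR bit set. Each transport is probed on its own because a server can answer on one and stay silent on the other; the loopback stand-ins in `demo()` and the name `example.test` are constructed so the block runs offline.

```python
import socket
import struct
import threading


def build_query(name, qtype=2, txid=0x4242):
    """Encode a minimal DNS query (RFC 1035): header plus one IN question, RD clear."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def classify(reply, txid):
    """A reply counts only if it echoes our ID and has the QR (response) bit set."""
    if len(reply) < 12:
        return "not-dns"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != txid or not flags & 0x8000:
        return "not-dns"
    return "answered rcode=%d" % (flags & 0x000F)


def recv_exact(sock, n):
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed")
        buf += chunk
    return buf


def probe_udp(host, port, name, timeout=1.0, txid=0x4242):
    """Send one query over UDP. A connected socket lets the OS report ICMP errors."""
    family, _, _, _, addr = socket.getaddrinfo(host, port, type=socket.SOCK_DGRAM)[0]
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)          # for UDP this sends nothing on the wire
            s.send(build_query(name, txid=txid))
            return classify(s.recv(4096), txid)
        except socket.timeout:
            return "timeout"         # socket may be bound, but nobody answered
        except OSError as exc:
            return "error: " + type(exc).__name__


def probe_tcp(host, port, name, timeout=1.0, txid=0x4242):
    """Send one query over TCP, framed with the 2-byte length prefix."""
    query = build_query(name, txid=txid)
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", recv_exact(s, 2))
            return classify(recv_exact(s, length), txid)
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "error: " + type(exc).__name__


def demo():
    """Constructed stand-ins: a bound-but-silent UDP socket and a one-shot TCP responder."""
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    silent.bind(("127.0.0.1", 0))
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)

    def serve_once():
        conn, _ = listener.accept()
        with conn:
            (length,) = struct.unpack("!H", recv_exact(conn, 2))
            query = recv_exact(conn, length)
            # Echo ID and question, set QR=1 and RCODE=5 (REFUSED).
            reply = query[:2] + struct.pack("!H", 0x8005) + query[4:]
            conn.sendall(struct.pack("!H", len(reply)) + reply)

    worker = threading.Thread(target=serve_once, daemon=True)
    worker.start()
    try:
        return {
            "udp": probe_udp("127.0.0.1", silent.getsockname()[1], "example.test", 0.5),
            "tcp": probe_tcp("127.0.0.1", listener.getsockname()[1], "example.test"),
        }
    finally:
        worker.join(timeout=2)
        silent.close()
        listener.close()


if __name__ == "__main__":
    print(demo())
```

Against a real server, call `probe_udp` and `probe_tcp` once per address (`127.0.0.1`, `::1`, the public address) rather than per hostname, so an IPv4/IPv6 difference in how `localhost` resolves cannot hide the result.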
  • From Petr Menšík@21:1/5 to Axel Rau on Tue Sep 1 16:57:39 2020

    Please include any listen-on { ... } and listen-on-v6 { ... } clauses.

    It seems none of 127.0.0.1; ::1; or localhost; is listed in them.
    Because it is not listening on localhost socket, it would not answer any queries.

    If the server should listen on all interfaces, just use:
    listen-on { any; };

    If it has addresses on which it should not listen, just add localhost;
    to current listen-on.

    It might be able to respond to:

    dig @91.216.35.21 -b 127.0.0.1 localhost

    Which would be technically from localhost, but I guess you are looking
    for listen-on change.

    Cheers,
    Petr

    On 9/1/20 4:41 PM, Axel Rau wrote:
    Thanks for answering:

    root@ns5:/ # dig NS lrau.net @91.216.35.21

    ; <<>> DiG 9.16.5 <<>> NS lrau.net @91.216.35.21
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

    root@ns5:/ # dig NS lrau.net @localhost

    ; <<>> DiG 9.16.5 <<>> NS lrau.net @localhost
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

    root@ns5:/ # sockstat -p 53
    USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
    root cron 59891 5 dgram -> /var/run/log
    root sendmail 59197 3 dgram -> /var/run/log
    bind named 47812 3 dgram -> /var/run/log
    bind named 47812 137 udp4 91.216.35.21:53 *:*
    bind named 47812 138 udp4 91.216.35.21:53 *:*
    bind named 47812 139 udp4 91.216.35.21:53 *:*
    bind named 47812 140 udp4 91.216.35.21:53 *:*
    bind named 47812 141 udp4 91.216.35.21:53 *:*
    bind named 47812 142 udp4 91.216.35.21:53 *:*
    bind named 47812 143 udp4 91.216.35.21:53 *:*
    bind named 47812 144 udp4 91.216.35.21:53 *:*
    bind named 47812 145 udp4 91.216.35.21:53 *:*
    bind named 47812 146 udp4 91.216.35.21:53 *:*
    bind named 47812 147 udp4 91.216.35.21:53 *:*
    bind named 47812 148 udp4 91.216.35.21:53 *:*
    bind named 47812 149 udp4 91.216.35.21:53 *:*
    bind named 47812 150 udp4 91.216.35.21:53 *:*
    bind named 47812 151 udp4 91.216.35.21:53 *:*
    bind named 47812 152 udp4 91.216.35.21:53 *:*
    bind named 47812 154 tcp4 91.216.35.21:53 *:*
    bind named 47812 155 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 156 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 157 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 158 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 159 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 160 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 161 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 162 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 163 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 164 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 165 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 166 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 167 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 168 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 169 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 170 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 172 tcp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 512 udp4 91.216.35.21:53 *:*
    bind named 47812 513 udp6 2a05:bec0:26:5::71:53 *:*
    root rsyslogd 45747 0 dgram /var/run/log
    root rsyslogd 45747 1 dgram -> /var/run/log
    root@ns5:/ #



    --
    Petr Menšík
    Software Engineer
    Red Hat, http://www.redhat.com/
    email: [email protected]
    PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB



    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
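
Petr's point, that `named` only answers on addresses it actually holds a socket on, can be checked mechanically by comparing the `listen-on` clauses with `sockstat -p 53`. This is an added example, not code from the thread or from BIND; the sample text is abridged from configuration and output posted in this thread, the function names are hypothetical, and only literal addresses are handled (ACL names, `any` and `none` are skipped).

```python
import ipaddress
import re

# Abridged from the listen-on clauses and sockstat output posted in this thread.
NAMED_CONF = """
Listen-on {
    91.216.35.21;
    127.0.0.1;
};
Listen-on-v6 {
    2a05:bec0:26:5::71;
    ::1;
};
"""

SOCKSTAT = """
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
bind named 47812 3 dgram -> /var/run/log
bind named 47812 137 udp4 91.216.35.21:53 *:*
bind named 47812 154 tcp4 91.216.35.21:53 *:*
bind named 47812 155 udp6 2a05:bec0:26:5::71:53 *:*
bind named 47812 172 tcp6 2a05:bec0:26:5::71:53 *:*
root rsyslogd 45747 0 dgram /var/run/log
"""


def configured_addresses(conf_text):
    """Literal IPs inside listen-on / listen-on-v6 blocks.

    Matching is case-insensitive only so the text is accepted as posted.
    """
    found = set()
    pattern = r"listen-on(?:-v6)?\s*(?:port\s+\d+\s*)?\{([^}]*)\}"
    for body in re.findall(pattern, conf_text, flags=re.IGNORECASE):
        for item in body.split(";"):
            try:
                found.add(ipaddress.ip_address(item.strip()))
            except ValueError:
                continue  # ACL name, "any", "none", or empty: not a literal address
    return found


def bound_addresses(sockstat_text, command="named", port=53):
    """Local addresses where `command` holds a UDP or TCP socket on `port`."""
    bound = set()
    for line in sockstat_text.splitlines():
        fields = line.split()  # USER COMMAND PID FD PROTO LOCAL FOREIGN
        if len(fields) < 7 or fields[1] != command:
            continue
        proto = fields[4]
        if not proto.startswith(("udp", "tcp")):
            continue
        addr, _, local_port = fields[5].rpartition(":")
        if local_port != str(port):
            continue
        if addr == "*":  # wildcard socket covers every address of that family
            addr = "0.0.0.0" if proto.endswith("4") else "::"
        bound.add(ipaddress.ip_address(addr))
    return bound


def not_bound(conf_text, sockstat_text):
    """Configured listen addresses that have no matching socket."""
    bound = bound_addresses(sockstat_text)
    missing = []
    for addr in configured_addresses(conf_text):
        wildcard = ipaddress.ip_address("0.0.0.0" if addr.version == 4 else "::")
        if addr not in bound and wildcard not in bound:
            missing.append(str(addr))
    return sorted(missing)


if __name__ == "__main__":
    print(not_bound(NAMED_CONF, SOCKSTAT))
```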
  • From Warren Kumari@21:1/5 to Axel Rau on Tue Sep 1 10:18:15 2020
    Copy: [email protected] (bind-users)

    What is 'localhost'?

    The output you included doesn't really show very much, other than that nc connects to port 53.

    I'd suggest:
    dig ns5.lrau.net @localhost
    dig ns5.lrau.net @127.0.0.1
    dig ns5.lrau.net @::1

    Also, have a look in /etc/hosts and make sure that you have something like: 127.0.0.1 localhost


    (nc may be connecting over v4 and <whatever else you used to test> may be
    doing v6, etc...)

    W


    --
    I don't think the execution is relevant when it was obviously a bad idea in
    the first place.
    This is like putting rabid weasels in your pants, and later expressing
    regret at having chosen those particular rabid weasels and that pair of
    pants.
    ---maf

  • From Axel Rau@21:1/5 to Warren Kumari on Tue Sep 1 16:30:44 2020
    Copy: [email protected]


    Thanks for your answer!

    On 01.09.2020 at 16:18, Warren Kumari <[email protected]> wrote:

    The output you included doesn't really show very much, other than that nc connects to port 53.

    I'd suggest:
    dig ns5.lrau.net @localhost
    dig ns5.lrau.net @127.0.0.1
    dig ns5.lrau.net @::1

    Also, have a look in /etc/hosts and make sure that you have something like: 127.0.0.1 localhost


    (nc may be connecting over v4 and <whatever else you used to test> may be doing v6, etc...)


    ; <<>> DiG 9.16.5 <<>> NS lrau.net @127.0.0.1
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

    root@ns5:/ # dig NS lrau.net @::1

    ; <<>> DiG 9.16.5 <<>> NS lrau.net @::1
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

    root@ns5:/ # dig NS lrau.net @91.216.35.21

    ; <<>> DiG 9.16.5 <<>> NS lrau.net @91.216.35.21
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

    root@ns5:/ # dig NS lrau.net @localhost

    ; <<>> DiG 9.16.5 <<>> NS lrau.net @localhost
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

    root@ns5:/ # grep localhost /etc/hosts
    127.0.0.1 localhost
    ::1 localhost

    ---
    PGP-Key: CDE74120 ☀ computing @ chaos claudius


  • From Axel Rau@21:1/5 to Petr Menšík on Tue Sep 1 17:06:25 2020
    Copy: [email protected]




    On 01.09.2020 at 16:57, Petr Menšík <[email protected]> wrote:

    Please include any listen-on { ... } and listen-on-v6 { ... } clauses.

    It seems none of 127.0.0.1; ::1; or localhost; is listed in them.
    Because it is not listening on localhost socket, it would not answer any queries.



    Voilà:


    Listen-on {
    91.216.35.21;
    127.0.0.1;
    };
    Listen-on-v6 {
    2a05:bec0:26:5::71;
    ::1;
    };

    Axel
    ---
    PGP-Key: CDE74120 ☀ computing @ chaos claudius


  • From Axel Rau@21:1/5 to All on Tue Sep 1 22:28:57 2020

    tcp queries are being answered, but udp queries receive no response.
    This is independent of client location (local, remote).

    A ktrace shows 8 bytes are written on fd 89, the 8 bytes read on fd 88.
    The next read gets an errno 35 (see below).

    clueless,
    Axel


    root@ns5:/var/log # uname -a
    FreeBSD ns5 12.1-RELEASE-p8 FreeBSD 12.1-RELEASE-p8 GENERIC amd64

    root@ns5:/var/log # named -V
    BIND 9.16.6 (Stable Release) <id:25846cf>
    running on FreeBSD amd64 12.1-RELEASE-p8 FreeBSD 12.1-RELEASE-p8 GENERIC
    built by make with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--enable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--with-libidn2=/usr/local' '--with-json-c' '--disable-largefile' '--with-lmdb=/usr/local' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' '--enable-tcp-fastopen' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.1' 'build_alias=amd64-portbld-freebsd12.1' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
    compiled by CLANG 4.2.1 Compatible FreeBSD Clang 8.0.1 (tags/RELEASE_801/final 366581)
    compiled with OpenSSL version: OpenSSL 1.1.1d-freebsd 10 Sep 2019
    linked to OpenSSL version: OpenSSL 1.1.1d-freebsd 10 Sep 2019
    compiled with libuv version: 1.38.1
    linked to libuv version: 1.38.1
    compiled with libxml2 version: 2.9.10
    linked to libxml2 version: 20910
    compiled with json-c version: 0.15
    linked to json-c version: 0.15
    compiled with zlib version: 1.2.11
    linked to zlib version: 1.2.11
    compiled with protobuf-c version: 1.3.2
    linked to protobuf-c version: 1.3.2
    threads support is enabled

    23480 isc-socket-0 STRU struct kevent[] = { { ident=512, filter=EVFILT_READ, flags=0, fflags=0, data=0x35, udata=0x0 } }
    23480 isc-socket-0 RET kevent 0x1
    23480 isc-socket-0 CALL recvmsg(0x200,0x7fffdbddbb70,0)
    23480 isc-socket-0 GIO fd 512 read 53 bytes
    0x0000 552a 0120 0001 0000 0000 0001 0377 7777 |U*. .........www|
    0x0010 0568 6569 7365 0264 6500 0001 0001 0000 |.heise.de.......|
    0x0020 2910 0000 0000 0000 0c00 0a00 0810 a161 |)..............a|
    0x0030 cea7 9c05 fa |.....|

    23480 isc-socket-0 STRU struct sockaddr { AF_INET, 193.105.105.1:56885 }
    23480 isc-socket-0 RET recvmsg 0x35
    23480 isc-socket-0 CALL _umtx_op(0x802f38bb8,0x15,0x1,0,0)
    23480 isc-socket-0 RET _umtx_op 0
    23480 isc-socket-0 CALL kevent(0x5a,0x7fffdbddbec0,0x1,0,0,0)
    23480 isc-socket-0 STRU struct kevent[] = { { ident=512, filter=EVFILT_READ, flags=0x2<EV_DELETE>, fflags=0, data=0, udata=0x0 } }
    23480 isc-socket-0 STRU struct kevent[] = { }
    23480 isc-socket-0 RET kevent 0
    23480 isc-socket-0 CALL kevent(0x5a,0,0,0x802fa7200,0x800,0)
    23480 isc-socket-0 STRU struct kevent[] = { }
    23480 isc-worker0000 RET _umtx_op 0
    23480 isc-worker0000 CALL recvmsg(0x200,0x7fffddfec9c0,0)
    23480 isc-worker0000 RET recvmsg -1 errno 35
    23480 isc-worker0000 CALL write(0x59,0x7fffddfecbc0,0x8)
    23480 isc-worker0000 GIO fd 89 wrote 8 bytes
    0x0000 0002 0000 fdff ffff |........|

    23480 isc-worker0000 RET write 0x8
    23480 isc-worker0000 CALL _umtx_op(0x80178f188,0xf,0,0,0)
    23480 isc-socket-0 STRU struct kevent[] = { { ident=88, filter=EVFILT_READ, flags=0, fflags=0, data=0x8, udata=0x0 } }
    23480 isc-socket-0 RET kevent 0x1
    23480 isc-socket-0 CALL read(0x58,0x7fffdbddbe40,0x8)
    23480 isc-socket-0 GIO fd 88 read 8 bytes
    0x0000 0002 0000 fdff ffff |........|

    23480 isc-socket-0 RET read 0x8
    23480 isc-socket-0 CALL kevent(0x5a,0x7fffdbddbec0,0x1,0,0,0)
    23480 isc-socket-0 STRU struct kevent[] = { { ident=512, filter=EVFILT_READ, flags=0x1<EV_ADD>, fflags=0, data=0, udata=0x0 } }
    23480 isc-socket-0 STRU struct kevent[] = { }
    23480 isc-socket-0 RET kevent 0
    23480 isc-socket-0 CALL read(0x58,0x7fffdbddbe40,0x8)
    23480 isc-socket-0 RET read -1 errno 35
    23480 isc-socket-0 CALL kevent(0x5a,0,0,0x802fa7200,0x800,0)
    23480 isc-socket-0 STRU struct kevent[] = { }
    23480 isc-socket-0 STRU struct kevent[] = { { ident=512, filter=EVFILT_READ, flags=0, fflags=0, data=0x35, udata=0x0 } }
    23480 isc-socket-0 RET kevent 0x1
    23480 isc-socket-0 CALL recvmsg(0x200,0x7fffdbddbb70,0)
    23480 isc-socket-0 GIO fd 512 read 53 bytes
    0x0000 552a 0120 0001 0000 0000 0001 0377 7777 |U*. .........www|
    0x0010 0568 6569 7365 0264 6500 0001 0001 0000 |.heise.de.......|
    0x0020 2910 0000 0000 0000 0c00 0a00 0810 a161 |)..............a|
    0x0030 cea7 9c05 fa |.....|
    . . .
    ---
    PGP-Key: CDE74120 ☀ computing @ chaos claudius

