• No response from localhost with "allow-query { any; };" (1/2)

    From Axel Rau@21:1/5 to Ondřej Surý on Tue Sep 1 16:41:55 2020
    Copy: bind-users@lists.isc.org

    Thanks for answering:

    root@ns5:/ # dig NS lrau.net @91.216.35.21

    ; <<>> DiG 9.16.5 <<>> NS lrau.net @91.216.35.21
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

    root@ns5:/ # dig NS lrau.net @localhost

    ; <<>> DiG 9.16.5 <<>> NS lrau.net @localhost
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

    root@ns5:/ # sockstat -p 53
    USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
    root cron 59891 5 dgram -> /var/run/log
    root sendmail 59197 3 dgram -> /var/run/log
    bind named 47812 3 dgram -> /var/run/log
    bind named 47812 137 udp4 91.216.35.21:53 *:*
    bind named 47812 138 udp4 91.216.35.21:53 *:*
    bind named 47812 139 udp4 91.216.35.21:53 *:*
    bind named 47812 140 udp4 91.216.35.21:53 *:*
    bind named 47812 141 udp4 91.216.35.21:53 *:*
    bind named 47812 142 udp4 91.216.35.21:53 *:*
    bind named 47812 143 udp4 91.216.35.21:53 *:*
    bind named 47812 144 udp4 91.216.35.21:53 *:*
    bind named 47812 145 udp4 91.216.35.21:53 *:*
    bind named 47812 146 udp4 91.216.35.21:53 *:*
    bind named 47812 147 udp4 91.216.35.21:53 *:*
    bind named 47812 148 udp4 91.216.35.21:53 *:*
    bind named 47812 149 udp4 91.216.35.21:53 *:*
    bind named 47812 150 udp4 91.216.35.21:53 *:*
    bind named 47812 151 udp4 91.216.35.21:53 *:*
    bind named 47812 152 udp4 91.216.35.21:53 *:*
    bind named 47812 154 tcp4 91.216.35.21:53 *:*
    bind named 47812 155 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 156 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 157 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 158 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 159 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 160 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 161 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 162 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 163 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 164 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 165 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 166 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 167 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 168 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 169 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 170 udp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 172 tcp6 2a05:bec0:26:5::71:53 *:*
    bind named 47812 512 udp4 91.216.35.21:53 *:*
    bind named 47812 513 udp6 2a05:bec0:26:5::71:53 *:*
    root rsyslogd 45747 0 dgram /var/run/log
    root rsyslogd 45747 1 dgram -> /var/run/log
    root@ns5:/ #


    On 01.09.2020 at 16:14, Ondřej Surý <ondrej@isc.org> wrote:

    Hi Axel,

    the `nc` commands you used for testing prove neither that
    it’s that specific `named` listening on that port nor that
    it’s a DNS daemon at all. FWIW it could be a dummy UDP/TCP server
    and you would not know.

    First you need to use a tool from your operating system
    to check what is listening on those ports, and then use
    `dig` (or other DNS debugging tool) to send actual DNS
    queries.

    Ondrej
    --
    Ondřej Surý (He/Him)
    ondrej@isc.org

    On 1. 9. 2020, at 16:11, Axel Rau <Axel.Rau@chaos1.de> wrote:

    Hi!

    This is a new server, which answers external queries, sends notifies and pushes axfrs.
    It does not answer any query from localhost, nor does it show any notifies from master in the logs.

    From local:
    root@ns5:/ # nc -v localhost 53
    Connection to localhost 53 port [tcp/domain] succeeded!
    ^C
    root@ns5:/ # nc -vu localhost 53
    Connection to localhost 53 port [udp/domain] succeeded!

    From master server:
    [hermes:local/etc/namedb] root# nc -v ns5.lrau.net 53
    Connection to ns5.lrau.net 53 port [tcp/domain] succeeded!
    ^C
    [hermes:local/etc/namedb] root# nc -vu ns5.lrau.net 53
    Connection to ns5.lrau.net 53 port [udp/domain] succeeded!


    Any help greatly appreciated,
    Axel

    PS:

    part of named.conf:
    allow-notify {
        hermes-ns5;
    };
    allow-transfer {
        full-trusted;
        ns5-ping;
        ns4-he;
        management-hosts;
    };
    allow-query { any; };
    allow-query-cache { recursive-users; };
    allow-recursion { recursive-users; };


    root@ns5:/usr/local/etc/namedb/working/slave # named -V
    BIND 9.16.5 (Stable Release) <id:c00b458>
    running on FreeBSD amd64 12.1-RELEASE-p8 FreeBSD 12.1-RELEASE-p8 GENERIC
    built by make with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--disable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--with-libidn2=/usr/local' '--with-json-c' '--disable-largefile' '--with-lmdb=/usr/local' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--enable-tcp-fastopen' '--with-tuning=default' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.1' 'build_alias=amd64-portbld-freebsd12.1' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
    compiled by CLANG 4.2.1 Compatible FreeBSD Clang 8.0.1 (tags/RELEASE_801/final 366581)
    compiled with OpenSSL version: OpenSSL 1.1.1d-freebsd 10 Sep 2019
    linked to OpenSSL version: OpenSSL 1.1.1d-freebsd 10 Sep 2019
    compiled with libxml2 version: 2.9.10
    linked to libxml2 version: 20910
    compiled with json-c version: 0.14
    linked to json-c version: 0.15
    compiled with zlib version: 1.2.11
    linked to zlib version: 1.2.11
    threads support is enabled

    default paths:
    named configuration: /usr/local/etc/namedb/named.conf
    rndc configuration: /usr/local/etc/namedb/rndc.conf
    DNSSEC root key: /usr/local/etc/namedb/bind.keys
    nsupdate session key: /var/run/named/session.key
    named PID file: /var/run/named/pid
    named lock file: /var/run/named/named.lock

    ---
    PGP-Key: CDE74120 ☀ computing @ chaos claudius

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
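
The first step Ondřej describes (see what is actually bound to port 53 before sending real queries with `dig`), as an added example that is not part of the original thread: it summarises `sockstat -p 53` output per address and checks whether a given address has a socket. The sample lines are trimmed from the output posted above; `port53_listeners` and `covers_address` are hypothetical helper names.

```shell
#!/bin/sh
# Sample input: a trimmed copy of the `sockstat -p 53` output posted in the thread.
sample_sockstat() {
cat <<'EOF'
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root cron 59891 5 dgram -> /var/run/log
bind named 47812 137 udp4 91.216.35.21:53 *:*
bind named 47812 138 udp4 91.216.35.21:53 *:*
bind named 47812 154 tcp4 91.216.35.21:53 *:*
bind named 47812 155 udp6 2a05:bec0:26:5::71:53 *:*
bind named 47812 172 tcp6 2a05:bec0:26:5::71:53 *:*
EOF
}

# Print "command proto address socket-count" for every port-53 socket on stdin.
port53_listeners() {
  awk '$5 ~ /^(udp|tcp)/ && $6 ~ /:53$/ {
         addr = $6; sub(/:53$/, "", addr)   # the port follows the last colon
         n[$2 " " $5 " " addr]++
       }
       END { for (k in n) print k, n[k] }' | sort
}

# Succeed only if a socket of the right address family is bound to the
# given address, either exactly or through a wildcard (*) bind.
covers_address() {
  port53_listeners | awk -v want="$1" '
    BEGIN { fam = (want ~ /:/) ? "6" : "4" }
    index($2, fam) && ($3 == want || $3 == "*") { found = 1 }
    END { exit !found }'
}

sample_sockstat | port53_listeners
for a in 127.0.0.1 ::1 91.216.35.21; do
  if sample_sockstat | covers_address "$a"; then
    echo "$a: port-53 socket present, next: dig NS lrau.net @$a"
  else
    echo "$a: no port-53 socket bound to this address"
  fi
done
```

On a live FreeBSD host, replace `sample_sockstat` with `sockstat -p 53` in the pipelines.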