From: Petr Menšík
Newsgroups: comp.protocols.dns.bind
Subject: Re: No response from localhost with "allow-query { any; };"
Date: Tue, 1 Sep 2020 16:57:39 +0200
Organization: Red Hat
To: bind-users@lists.isc.org
List-Id: BIND Users Mailing List

Please include any listen-on { ... } and listen-on-v6 { ... } clauses. It
seems neither 127.0.0.1; ::1; nor localhost; is listed in them. Because
it is not listening on a localhost socket, it would not answer any queries.

If the server should listen on all interfaces, just use:

    listen-on { any; };

If it has addresses on which it should not listen, just add localhost;
to the current listen-on.

It might be able to respond to:

    dig @91.216.35.21 -b 127.0.0.1 localhost

Which would be technically from localhost, but I guess you are looking
for the listen-on change.

Cheers,
Petr

On 9/1/20 4:41 PM, Axel Rau wrote:
> Thanks for answering:
>
> root@ns5:/ # dig NS lrau.net @91.216.35.21
>
> ; <<>> DiG 9.16.5 <<>> NS lrau.net @91.216.35.21
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
> root@ns5:/ # dig NS lrau.net @localhost
>
> ; <<>> DiG 9.16.5 <<>> NS lrau.net @localhost
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
> root@ns5:/ # sockstat -p 53
> USER     COMMAND    PID   FD  PROTO  LOCAL ADDRESS          FOREIGN ADDRESS
> root     cron       59891 5   dgram  -> /var/run/log
> root     sendmail   59197 3   dgram  -> /var/run/log
> bind     named      47812 3   dgram  -> /var/run/log
> bind     named      47812 137 udp4   91.216.35.21:53        *:*
> bind     named      47812 138 udp4   91.216.35.21:53        *:*
> bind     named      47812 139 udp4   91.216.35.21:53        *:*
> bind     named      47812 140 udp4   91.216.35.21:53        *:*
> bind     named      47812 141 udp4   91.216.35.21:53        *:*
> bind     named      47812 142 udp4   91.216.35.21:53        *:*
> bind     named      47812 143 udp4   91.216.35.21:53        *:*
> bind     named      47812 144 udp4   91.216.35.21:53        *:*
> bind     named      47812 145 udp4   91.216.35.21:53        *:*
> bind     named      47812 146 udp4   91.216.35.21:53        *:*
> bind     named      47812 147 udp4   91.216.35.21:53        *:*
> bind     named      47812 148 udp4   91.216.35.21:53        *:*
> bind     named      47812 149 udp4   91.216.35.21:53        *:*
> bind     named      47812 150 udp4   91.216.35.21:53        *:*
> bind     named      47812 151 udp4   91.216.35.21:53        *:*
> bind     named      47812 152 udp4   91.216.35.21:53        *:*
> bind     named      47812 154 tcp4   91.216.35.21:53        *:*
> bind     named      47812 155 udp6   2a05:bec0:26:5::71:53  *:*
> bind     named      47812 156 udp6   2a05:bec0:26:5::71:53  *:*
> bind     named      47812 157 udp6   2a05:bec0:26:5::71:53  *:*
> bind     named      47812 158 udp6   2a05:bec0:26:5::71:53  *:*
> bind     named      47812 159 udp6   2a05:bec0:26:5::71:53  *:*
> bind     named      47812 160 udp6   2a05:bec0:26:5::71:53  *:*
> bind     named      47812 161 udp6   2a05:bec0:26:5::71:53  *:*
> bind     named      47812 162 udp6   2a05:bec0:26:5::71:53  *:*
> bind     named      47812 163 udp6   2a05:bec0:26:5::71:53  *:*
> bind     named      47812 164 udp6   2a05:bec0:26:5::71:53  *:*
> bind     named      47812 165 udp6   2a05:bec0:26:5::71:53  *:*
> bind     named      47812 166 udp6   2a05:bec0:26:5::71:53  *:*
> bind     named      47812 167 udp6   2a05:bec0:26:5::71:53  *:*
> bind     named      47812 168 udp6   2a05:bec0:26:5::71:53  *:*
> bind     named      47812 169 udp6   2a05:bec0:26:5::71:53  *:*
> bind     named      47812 170 udp6   2a05:bec0:26:5::71:53  *:*
> bind     named      47812 172 tcp6   2a05:bec0:26:5::71:53  *:*
> bind     named      47812 512 udp4   91.216.35.21:53        *:*
> bind     named      47812 513 udp6   2a05:bec0:26:5::71:53  *:*
> root     rsyslogd   45747 0   dgram  /var/run/log
> root     rsyslogd   45747 1   dgram  -> /var/run/log
> root@ns5:/ #
>
>
>> On 01.09.2020 at 16:14, Ondřej Surý wrote:
>>
>> Hi Axel,
>>
>> the `nc` commands you used for testing neither prove that
>> it’s that specific `named` listening on that port nor DNS
>> daemon at all. FWIW it could be a dummy UDP/TCP server
>> and you would not know.
>>
>> First you need to use a tool from your operating system
>> to check what is listening on those ports, and then use
>> `dig` (or other DNS debugging tool) to send actual DNS
>> queries.
>>
>> Ondrej
>> --
>> Ondřej Surý (He/Him)
>> ondrej@isc.org
>>
>>> On 1. 9. 2020, at 16:11, Axel Rau wrote:
>>>
>>> Hi!
>>>
>>> this is a new server, which answers external queries, sends notifies and pushes axfrs.
>>> It does not answer any query from localhost nor shows any notifies from master in the logs.
>>>
>>> From local:
>>> root@ns5:/ # nc -v localhost 53
>>> Connection to localhost 53 port [tcp/domain] succeeded!
>>> ^C
>>> root@ns5:/ # nc -vu localhost 53
>>> Connection to localhost 53 port [udp/domain] succeeded!
>>>
>>> From master server:
>>> [hermes:local/etc/namedb] root# nc -v ns5.lrau.net 53
>>> Connection to ns5.lrau.net 53 port [tcp/domain] succeeded!
>>> ^C
>>> [hermes:local/etc/namedb] root# nc -vu ns5.lrau.net 53
>>> Connection to ns5.lrau.net 53 port [udp/domain] succeeded!
>>>
>>>
>>> Any help greatly appreciated,
>>> Axel
>>>
>>> PS:
>>>
>>> part of named.conf:
>>>     allow-notify {
>>>         hermes-ns5;
>>>     };
>>>     allow-transfer {
>>>         full-trusted;
>>>         ns5-ping;
>>>         ns4-he;
>>>         management-hosts;
>>>     };
>>>     allow-query { any; };
>>>     allow-query-cache { recursive-users; };
>>>     allow-recursion { recursive-users; };
>>>
>>>
>>> root@ns5:/usr/local/etc/namedb/working/slave # named -V
>>> BIND 9.16.5 (Stable Release)
>>> running on FreeBSD amd64 12.1-RELEASE-p8 FreeBSD 12.1-RELEASE-p8 GENERIC
>>> built by make with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--disable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--with-libidn2=/usr/local' '--with-json-c' '--disable-largefile' '--with-lmdb=/usr/local' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--enable-tcp-fastopen' '--with-tuning=default' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.1' 'build_alias=amd64-portbld-freebsd12.1' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
>>> compiled by CLANG 4.2.1 Compatible FreeBSD Clang 8.0.1 (tags/RELEASE_801/final 366581)
>>> compiled with OpenSSL version: OpenSSL 1.1.1d-freebsd 10 Sep 2019
>>> linked to OpenSSL version: OpenSSL 1.1.1d-freebsd 10 Sep 2019
>>> compiled with libxml2 version: 2.9.10
>>> linked to libxml2 version: 20910
>>> compiled with json-c version: 0.14
>>> linked to json-c version: 0.15
>>> compiled with zlib version: 1.2.11
>>> linked to zlib version: 1.2.11
>>> threads support is enabled
>>>
>>> default paths:
>>>   named configuration:  /usr/local/etc/namedb/named.conf
>>>   rndc configuration:   /usr/local/etc/namedb/rndc.conf
>>>   DNSSEC root key:      /usr/local/etc/namedb/bind.keys
>>>   nsupdate session key: /var/run/named/session.key
>>>   named PID file:       /var/run/named/pid
>>>   named lock file:      /var/run/named/named.lock
>>>
>>> ---
>>> PGP-Key: CDE74120 ☀ computing @ chaos claudius
>>>
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>>
>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>>
>>>
>>> bind-users mailing list
>>> bind-users@lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>
> ---
> PGP-Key: CDE74120 ☀ computing @ chaos claudius
>

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
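
Added example, not part of the thread or written by any of its participants: a small sh/awk check that reads `sockstat -p 53` style output and lists the loopback sockets `named` is missing, which is the listen-on gap (separate from allow-query) diagnosed above. The function names and sample listings are constructed for illustration, and treating a wildcard `*:53` socket as covering loopback is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): list the loopback DNS listeners that
# `named` lacks, given `sockstat -p 53` style output on stdin.
# Assumption: a wildcard local address "*:53" also covers loopback.
missing_loopback() {
    awk '
        $2 == "named" && $5 ~ /^(udp|tcp)(4|6|46)$/ {
            proto = substr($5, 1, 3); fam = substr($5, 4); addr = $6
            if (fam ~ /4/ && (addr == "127.0.0.1:53" || addr == "*:53"))
                seen[proto "4"] = 1
            if (fam ~ /6/ && (addr == "::1:53" || addr == "*:53"))
                seen[proto "6"] = 1
        }
        END {
            # Every protocol/family pair a local resolver client may use.
            n = split("udp4 tcp4 udp6 tcp6", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen))
                    print want[i], (want[i] ~ /4$/ ? "127.0.0.1:53" : "::1:53")
        }'
}

# Constructed sample: a shortened copy of the listing quoted in the thread.
sample_thread() {
    cat <<'EOF'
USER     COMMAND    PID   FD  PROTO  LOCAL ADDRESS          FOREIGN ADDRESS
bind     named      47812 3   dgram  -> /var/run/log
bind     named      47812 137 udp4   91.216.35.21:53        *:*
bind     named      47812 154 tcp4   91.216.35.21:53        *:*
bind     named      47812 155 udp6   2a05:bec0:26:5::71:53  *:*
bind     named      47812 172 tcp6   2a05:bec0:26:5::71:53  *:*
EOF
}

# Constructed sample: the same host once loopback is in listen-on/listen-on-v6.
sample_fixed() {
    sample_thread
    cat <<'EOF'
bind     named      47812 173 udp4   127.0.0.1:53           *:*
bind     named      47812 174 tcp4   127.0.0.1:53           *:*
bind     named      47812 175 udp6   ::1:53                 *:*
bind     named      47812 176 tcp6   ::1:53                 *:*
EOF
}

# Real use on the FreeBSD host: sockstat -p 53 | missing_loopback
sample_thread | missing_loopback
```

Empty output means every loopback protocol/family pair has a `named` socket; any line printed names a socket that a `dig @localhost` query would find closed regardless of what allow-query permits.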