On Wed, 03 Jul 2019 13:02:52 +0930
Tim via users <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

> No, that was it. Darn.

> You haven't firewalled things into non-functionality?

I'm running the default firewalld setting of public. And nothing has
difficulties accessing the web with the router serving as dns. Just in
case I set it to allow dns receive and sending in firewall-config.

> Use the dig command. See how your local DNS server responds. Check
> that you can directly query outside servers.
>
> This will query the default server:
> dig example.com

This is the router serving as dns server.

$ dig example.com

; <<>> DiG 9.11.7-RedHat-9.11.7-2.fc31 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5231
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;example.com.                   IN      A

;; ANSWER SECTION:
example.com.            8282    IN      A       93.184.216.34

;; Query time: 31 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Wed Jul 03 08:32:22 MST 2019
;; MSG SIZE rcvd: 56

This is with the named dns server enabled.

~ 08:32 AM stan 4 $ dig example.com

; <<>> DiG 9.11.7-RedHat-9.11.7-2.fc31 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29932
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 54379ff525f36c2fd4559fa05d1ccafd9be3183a7324435a (good)
;; QUESTION SECTION:
;example.com.                   IN      A

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 03 08:34:21 MST 2019
;; MSG SIZE rcvd: 68

> This will query specific servers:
> dig example.com @1.1.1.1

When the first failed, skipped this.

I am seeing entries like this in the logs when the named dns server is
running and I try to resolve a name. 1.1.1.1 and 9.9.9.9 are the
forwarding dns servers.

Jul 03 08:40:24 localhost.Home named[11573]: timed out resolving 'localhost.Home.localhost.Home/A/IN': 1.1.1.1#53
Jul 03 08:40:23 localhost.Home named[11573]: timed out resolving 'localhost.Home.localhost.Home/A/IN': 9.9.9.9#53

And these, that look like ipv6 addresses, though I have it disabled.

Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:7fd::1#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:2d::d#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:1::53#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:2f::f#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:12::d0d#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:503:ba3e::2:30#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:200::b#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:a8::e#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:7fe::53#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:dc3::35#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:9f::42#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:503:c27::2:30#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:2::c#53

I also tried adjusting the firewall in the router to pass dns, both as
a service and just as port 53, with no better results. I wonder if my
ISP is filtering dns responses that don't go to the router connection?
Their dns servers are good, Level3, but Level3's privacy policy doesn't
include not keeping records of all transactions. And once they are
kept, they can be sold.

I also tried having bind / named use the router dns as a resolver with
no better luck.

I think there is something obvious that I am missing, but I am at an
impasse. I might just set up dnsmasq or knot-resolver. Bind / named is
really overkill for my usecase, but I thought it would be relatively
easy to get working. I'll put this on the back-burner for the time
being.

Thanks for your help. And a thank you to everyone else who responded,
too.
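
Added example, not part of the original message: a small Python triage over named log lines in the format quoted above. It tallies failures by reason and address family, lists the upstream servers that timed out, and flags query names made of the same labels repeated twice. The sample lines are constructed from the message's format, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: journal lines in the format quoted in the message.
SAMPLE_LOG = """\
Jul 03 08:40:24 localhost.Home named[11573]: timed out resolving 'localhost.Home.localhost.Home/A/IN': 1.1.1.1#53
Jul 03 08:40:23 localhost.Home named[11573]: timed out resolving 'localhost.Home.localhost.Home/A/IN': 9.9.9.9#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:7fd::1#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:2d::d#53
"""

LINE_RE = re.compile(
    r"named\[\d+\]: (?P<reason>timed out|network unreachable) resolving "
    r"'(?P<qname>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^']+)': "
    r"(?P<server>\S+)#(?P<port>\d+)$"
)

def parse_line(line):
    """Return a dict for one named resolution-failure line, or None."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["family"] = ipaddress.ip_address(rec["server"]).version
    except ValueError:
        return None  # server field was not an IP address
    return rec

def repeated_suffix(qname):
    """True when the name is one label sequence written twice in a row."""
    labels = qname.rstrip(".").split(".")
    half = len(labels) // 2
    return half > 0 and len(labels) % 2 == 0 and labels[:half] == labels[half:]

def summarize(text):
    records = [r for r in map(parse_line, text.splitlines()) if r]
    by_cause = Counter((r["reason"], f"IPv{r['family']}") for r in records)
    return {
        "by_cause": dict(by_cause),
        "timed_out_servers": sorted({r["server"] for r in records
                                     if r["reason"] == "timed out"}),
        "doubled_names": sorted({r["qname"] for r in records
                                 if repeated_suffix(r["qname"])}),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Feed it the output of `journalctl -u named` to separate IPv4 timeouts against the forwarders from IPv6 "network unreachable" entries.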