almost, but no cigar...
i am continuing to have dig lookups for linuxlighthouse.com A timing out (refused or servfail).
anyone see my misconfiguration??
one error i need to address: my domain is 'linuxlighthouse.com'.
i have mistakenly tried to include ws.linuxlighthouse.com & www.linuxlighthouse.com in my certificates.
am i missing the record to define www.linuxlighthouse.com?
tia, jackc...
# Name Server: NS3.ATTDNS.COM
# Name Server: WS.LINUXLIGHTHOUSE.COM
nmap -sS 108.220.213.121
Starting Nmap 7.80 ( https://nmap.org ) at 2021-04-30 13:07 PDT
Nmap scan report for ws (108.220.213.121)
Host is up (0.0020s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
443/tcp open https
631/tcp open ipp
5000/tcp open upnp
8200/tcp open trivnet1
20005/tcp open btx
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
[root@ws named$ netstat -tapnl | grep named
tcp 0 0 10.0.0.101:53 0.0.0.0:* LISTEN 20563/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 20563/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 20563/named
tcp6 0 0 :::53 :::* LISTEN 20563/named
tcp6 0 0 ::1:953 :::* LISTEN 20563/named
nmap -A -T4 -p53 108.220.213.121
Starting Nmap 7.80 ( https://nmap.org ) at 2021-04-30 13:10 PDT
Nmap scan report for ws (108.220.213.121)
Host is up (0.0013s latency).
PORT STATE SERVICE VERSION
53/tcp open domain (generic dns response: NOTIMP)
| fingerprint-strings:
| DNSVersionBindReqTCP:
| version
|_ bind
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port53-TCP:V=7.80%I=7%D=4/30%Time=608C645D%P=x86_64-redhat-linux-gnu%r(
SF:DNSVersionBindReqTCP,20,"\0\x1e\0\x06\x81\x05\0\x01\0\0\0\0\0\0\x07vers
SF:ion\x04bind\0\0\x10\0\x03")%r(DNSStatusRequestTCP,E,"\0\x0c\0\0\x90\x04
SF:\0\0\0\0\0\0\0\0");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|WAP|phone|storage-misc|proxy server|media device
Running (JUST GUESSING): Linux 4.X|2.6.X|3.X (93%), Linksys embedded (93%), Google Android 4.4.X (92%), Synology DiskStation Manager 5.X (91%), WebSense embedded (90%), BlackBox embedded (90%)
OS CPE: cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel cpe:/h:linksys:ea3500 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.16 cpe:/o:google:android:4.4.0 cpe:/a:synology:diskstation_manager:5.2
Aggressive OS guesses: Linux 4.4 (93%), Linksys EA3500 WAP (93%), Linux 2.6.18 - 2.6.32 (93%), Linux 3.16 (93%), Android 4.4.0 (92%), Linux 3.2 - 4.9 (92%), Linux 2.6.32 - 3.10 (91%), Linux 2.6.32 (91%), Linux 2.6.32 - 2.6.35 (91%), Linux 2.6.32 - 3.5 (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
TRACEROUTE (using port 53/tcp)
HOP RTT ADDRESS
1 0.87 ms ws (108.220.213.121)
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 33.84 seconds
nmap -A -T4 -sU -p53 108.220.213.121
Starting Nmap 7.80 ( https://nmap.org ) at 2021-04-30 13:12 PDT
Nmap scan report for ws (108.220.213.121)
Host is up (0.0013s latency).
PORT STATE SERVICE VERSION
53/udp open domain (generic dns response: NOTIMP)
| fingerprint-strings:
| DNSVersionBindReq:
| version
| bind
| NBTStat:
|_ CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port53-UDP:V=7.80%I=7%D=4/30%Time=608C64C1%P=x86_64-redhat-linux-gnu%r(
SF:DNSVersionBindReq,1E,"\0\x06\x81\x05\0\x01\0\0\0\0\0\0\x07version\x04bi
SF:nd\0\0\x10\0\x03")%r(DNSStatusRequest,C,"\0\0\x90\x04\0\0\0\0\0\0\0\0")
SF:%r(NBTStat,32,"\x80\xf0\x80\x15\0\x01\0\0\0\0\0\0\x20CKAAAAAAAAAAAAAAAA
SF:AAAAAAAAAAAAAA\0\0!\0\x01");
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop
TRACEROUTE (using port 53/udp)
HOP RTT ADDRESS
1 1.56 ms ws (108.220.213.121)
netstat -nap | grep named
tcp 0 0 10.0.0.101:53 0.0.0.0:* LISTEN 20563/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 20563/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 20563/named
tcp6 0 0 :::53 :::* LISTEN 20563/named
tcp6 0 0 ::1:953 :::* LISTEN 20563/named
udp 0 0 192.168.122.1:53 0.0.0.0:* 20563/named
udp 0 0 10.0.0.101:53 0.0.0.0:* 20563/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 20563/named
udp6 0 0 :::53 :::* 20563/named
unix 2 [ ] STREAM CONNECTED 130890 20563/named
unix 2 [ ] DGRAM 130887 20563/named
On Fri, Apr 23, 2021 at 7:37 PM Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote:
On 24/04/2021 10:29, Jack Craig wrote:
> ok, done. now we have, ....
>
>
> Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: using 7 UDP listeners per interface
> Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: listening on IPv6 interfaces, port 53
> Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: listening on IPv4 interface lo, 127.0.0.1#53
> Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: listening on IPv4 interface eno1, 10.0.0.101#53
> Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: listening on IPv4 interface virbr0, 192.168.122.1#53
> Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: command channel listening on 127.0.0.1#953
> Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: command channel listening on ::1#953
And I see.....
Nmap scan report for ws.linuxlighthouse.com (108.220.213.121)
Host is up (0.16s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
443/tcp open https
And I get
[egreshko@meimei ~]$ host cnn.com 108.220.213.121
Using domain server:
Name: 108.220.213.121
Address: 108.220.213.121#53
Aliases:
Host cnn.com not found: 5(REFUSED)
Which is correct since your named.conf currently contains
allow-query { localhost; };
So, at least your server is now contactable from the Internet. So you can go about adding in the zones
you need as well as the access you want to allow.
--
Remind me to ignore comments which aren't germane to the thread.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
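
An added example, not part of the original thread: decoding the raw replies that nmap recorded in the `SF-Port53-UDP` / `SF-Port53-TCP` fingerprint lines of this thread shows which DNS response codes named actually sent back. The function name `decode_reply` and the constant names are illustrative; the byte strings are copied from the nmap output on this page.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}
OPCODES = {0: "QUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}

# Reply bytes copied from the nmap fingerprint lines in this thread
# (nmap's \0 and \xNN escapes are also valid Python bytes escapes).
VERSION_BIND_UDP = b"\0\x06\x81\x05\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03"
VERSION_BIND_TCP = b"\0\x1e" + VERSION_BIND_UDP  # DNS over TCP adds a 2-byte length prefix
STATUS_UDP = b"\0\0\x90\x04\0\0\0\0\0\0\0\0"


def decode_reply(msg: bytes, tcp: bool = False) -> dict:
    """Decode the 12-byte DNS header and, if present, the first question."""
    if tcp:
        length = int.from_bytes(msg[:2], "big")
        msg = msg[2:2 + length]
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", msg[:12])
    out = {
        "id": ident,
        "is_response": bool(flags & 0x8000),                # QR bit
        "opcode": OPCODES.get((flags >> 11) & 0xF, "?"),
        "rd": bool(flags & 0x0100),                         # recursion desired
        "ra": bool(flags & 0x0080),                         # recursion available
        "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
        "question": None,
    }
    if qdcount:
        labels, pos = [], 12
        while pos < len(msg) and msg[pos]:
            n = msg[pos]
            if n & 0xC0:
                raise ValueError("compression pointer in question name")
            labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
            pos += 1 + n
        if pos + 5 > len(msg):
            raise ValueError("truncated question section")
        qtype, qclass = struct.unpack("!2H", msg[pos + 1:pos + 5])
        out["question"] = (".".join(labels), qtype, qclass)  # (name, type, class)
    return out


if __name__ == "__main__":
    for raw, tcp in ((VERSION_BIND_UDP, False), (VERSION_BIND_TCP, True), (STATUS_UDP, False)):
        print(decode_reply(raw, tcp))
```

Both probes received a well-formed response on UDP and TCP port 53, so named is reachable; the `version.bind` probe was answered with REFUSED, the same code returned to the `host cnn.com 108.220.213.121` query quoted above.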