Re: FC34 broke my bind

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 6/13/21 1:29 AM, ToddAndMargo via users wrote:

On 6/12/21 11:39 PM, ToddAndMargo via users wrote:

Oh poop!  Figured it out!

# systemctl status named-chroot.service
● named-chroot.service - Berkeley Internet Name Domain (DNS)
      Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; enabled; vendor preset: disabled) 
      Active: active (running) since Sat 2021-06-12 14:49:05 PDT; 8h ago
     Process: 11410 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checki>      Process: 11446 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS (code=exited, status=0/SUCCESS) 
    Main PID: 11452 (named)
       Tasks: 14 (limit: 19025)
      Memory: 141.5M
         CPU: 14.612s
      CGroup: /system.slice/named-chroot.service
              └─11452 /usr/sbin/named -u named -c /etc/named.conf -t /var/named/chroot 



I was starting the wrong named !!!!!!!

# systemctl disable daemon_name.service
Fixed the problem

Freaking FC34 upgrade disabled named-chroot on me!

Sorry for putting your guys through all this.  Thank
you all for the tips!

-T

Okay, now I am REALLY confused!!!


# host 8.8.8.8 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

Host 8.8.8.8.in-addr.arpa not found: 2(SERVFAIL)



This is my /etc/resolv.conf (same as in FC33):

# cat /etc/resolv.conf

# Generated by NetworkManager
search abc.local
nameserver 127.0.0.1
# nameserver 8.8.8.8

Now what ?!?!?!



A workaround i at the bottom


# host google.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

Host google.com not found: 2(SERVFAIL)
[root@rn6 etc]# systemctl status named-chroot.service
● named-chroot.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2021-06-13 01:39:12 PDT; 1min 12s ago Process: 32167 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checki> Process: 32170 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS (code=exited, status=0/SUCCESS) 
   Main PID: 32171 (named)
      Tasks: 14 (limit: 19025)
     Memory: 97.2M
        CPU: 180ms
     CGroup: /system.slice/named-chroot.service
└─32171 /usr/sbin/named -u named -c /etc/named.conf -t /var/named/chroot
Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable resolving 'com/DS/IN': 2001:503:c27::2:30#53 Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable resolving 'com/DS/IN': 2001:500:1::53#53 Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable resolving 'com/DS/IN': 2001:500:2::c#53 Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable resolving 'com/DS/IN': 2001:500:200::b#53 Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable resolving 'com/DS/IN': 2001:500:12::d0d#53 Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable resolving 'com/DS/IN': 2001:500:9f::42#53 Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable resolving 'com/DS/IN': 2001:7fd::1#53 Jun 13 01:40:05 rn6.abc.local named[32171]: validating com/DS: no valid signature found Jun 13 01:40:05 rn6.abc.local named[32171]: no valid RRSIG resolving 'com/DS/IN': 192.36.148.17#53 Jun 13 01:40:05 rn6.abc.local named[32171]: broken trust chain resolving 'google.com/A/IN': 208.67.220.220#53 


Found in /var/log/messages:
Jun 13 01:43:12 rn6 named[32171]: validating google.com/A: bad cache hit (com/DS) Jun 13 01:43:12 rn6 named[32171]: broken trust chain resolving 'google.com/A/IN': 208.67.220.220#53 


I added this to named.conf, options block:
      dnssec-validation no;

and it fixed it.

How do I fix it without  dnssec-validation no; ?

-T

# host google.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

google.com has address 172.217.6.78
google.com has IPv6 address 2607:f8b0:4005:80a::200e
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.

_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux