On 6/13/21 1:29 AM, ToddAndMargo via users wrote:
On 6/12/21 11:39 PM, ToddAndMargo via users wrote:
Oh poop! Figured it out!
# systemctl status named-chroot.service
● named-chroot.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named-chroot.service;
enabled; vendor preset: disabled)
Active: active (running) since Sat 2021-06-12 14:49:05 PDT; 8h ago
Process: 11410 ExecStartPre=/bin/bash -c if [ !
"$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t
/var/named/chroot -z "$NAMEDCONF"; else echo "Checki>
Process: 11446 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF}
-t /var/named/chroot $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 11452 (named)
Tasks: 14 (limit: 19025)
Memory: 141.5M
CPU: 14.612s
CGroup: /system.slice/named-chroot.service
└─11452 /usr/sbin/named -u named -c /etc/named.conf -t
/var/named/chroot
I was starting the wrong named !!!!!!!
# systemctl disable daemon_name.service
Fixed the problem
Freaking FC34 upgrade disabled named-chroot on me!
Sorry for putting your guys through all this. Thank
you all for the tips!
-T
Okay, now I am REALLY confused!!!
# host 8.8.8.8 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
Host 8.8.8.8.in-addr.arpa not found: 2(SERVFAIL)
This is my /etc/resolv.conf (same as in FC33):
# cat /etc/resolv.conf
# Generated by NetworkManager
search abc.local
nameserver 127.0.0.1
# nameserver 8.8.8.8
Now what ?!?!?!
A workaround i at the bottom
# host google.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
Host google.com not found: 2(SERVFAIL)
[root@rn6 etc]# systemctl status named-chroot.service
● named-chroot.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named-chroot.service;
enabled; vendor preset: disabled)
Active: active (running) since Sun 2021-06-13 01:39:12 PDT; 1min
12s ago
Process: 32167 ExecStartPre=/bin/bash -c if [ !
"$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t
/var/named/chroot -z "$NAMEDCONF"; else echo "Checki>
Process: 32170 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF}
-t /var/named/chroot $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 32171 (named)
Tasks: 14 (limit: 19025)
Memory: 97.2M
CPU: 180ms
CGroup: /system.slice/named-chroot.service
└─32171 /usr/sbin/named -u named -c /etc/named.conf -t
/var/named/chroot
Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable
resolving 'com/DS/IN': 2001:503:c27::2:30#53
Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable
resolving 'com/DS/IN': 2001:500:1::53#53
Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable
resolving 'com/DS/IN': 2001:500:2::c#53
Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable
resolving 'com/DS/IN': 2001:500:200::b#53
Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable
resolving 'com/DS/IN': 2001:500:12::d0d#53
Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable
resolving 'com/DS/IN': 2001:500:9f::42#53
Jun 13 01:40:05 rn6.abc.local named[32171]: network unreachable
resolving 'com/DS/IN': 2001:7fd::1#53
Jun 13 01:40:05 rn6.abc.local named[32171]: validating com/DS: no valid
signature found
Jun 13 01:40:05 rn6.abc.local named[32171]: no valid RRSIG resolving
'com/DS/IN': 192.36.148.17#53
Jun 13 01:40:05 rn6.abc.local named[32171]: broken trust chain resolving
'google.com/A/IN': 208.67.220.220#53
Found in /var/log/messages:
Jun 13 01:43:12 rn6 named[32171]: validating google.com/A: bad cache hit
(com/DS)
Jun 13 01:43:12 rn6 named[32171]: broken trust chain resolving
'google.com/A/IN': 208.67.220.220#53
I added this to named.conf, options block:
dnssec-validation no;
and it fixed it.
How do I fix it without dnssec-validation no; ?
-T
# host google.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
google.com has address 172.217.6.78
google.com has IPv6 address 2607:f8b0:4005:80a::200e
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure