I was a little premature in saying thins started working. It seems to
be very hit and miss. Wireshark shows many dns requests as refused, but
then they start to work for a while and then start failing again.
If I run dig cnn.com from my secondary dns server I get:
; <<>> DiG 9.16.33-RH <<>> cnn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 43912
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;cnn.com. IN A
;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Nov 27 09:57:17 PST 2022
;; MSG SIZE rcvd: 36
host cnn.com results in
Host cnn.com not found: 5(REFUSED)
nslookup
> server 192.168.10.66
Default server: 192.168.10.66
Address: 192.168.10.66#53
> cnn.com
Server: 192.168.10.66
Address: 192.168.10.66#53
** server can't find cnn.com: REFUSED
>server 192.168.10.5
Default server: 192.168.10.5
Address: 192.168.10.5#53
> cnn.com
Server: 192.168.10.5
Address: 192.168.10.5#53
Non-authoritative answer:
Name: cnn.com
Address: 151.101.195.5
<others deleted for brevity>
If I run
host cnn.com on the primary dns server (192.168.10.66) addresses resolve.
cnn.com has address 151.101.195.5
cnn.com has address 151.101.3.5
cnn.com has address 151.101.131.5
cnn.com has address 151.101.67.5
.
.
running
nslookup
> server 192.168.10.66
Default server: 192.168.10.66
Address: 192.168.10.66#53
> cnn.com
Server: 192.168.10.66
Address: 192.168.10.66#53
** server can't find cnn.com: REFUSED
>
on my F35 system lookups work because according to resolvectl the
current dns server is the secondary
resolvectl
Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Current DNS Server: 192.168.10.66
DNS Servers: 192.168.10.66
Link 2 (enp0s20f0u5u2u1)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS
DNSSEC=no/unsupported
Current DNS Server: 192.168.10.5
DNS Servers: 192.168.10.66 192.168.10.5
DNS Domain: homenet172-16-96.com homenet192-10.com
homenet192-100.com
homenet192-203.com
I have no clue as to what to do to make the lookups work with both the
primary and secondary dns servers.
Paolo
On 11/27/22 07:55, Jeffrey Walton wrote:
On Sun, Nov 27, 2022 at 10:45 AM Paolo Galtieri <pgaltieri@xxxxxxxxx> wrote:
I just upgraded from fedora 36 to 37. There were no errors reported but
after the update I get:
dnf list all
Adobe Systems Incorporated 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'adobe-linux-x86_64':
- Curl error (6): Couldn't resolve host name for
http://linuxdownload.adobe.com/linux/x86_64/repodata/repomd.xml [Could
not resolve host: linuxdownload.adobe.com]
Error: Failed to download metadata for repo 'adobe-linux-x86_64': Cannot
download repomd.xml: Cannot download repodata/repomd.xml: All mirrors
were tried
Fedora 37 - x86_64 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'fedora':
- Curl error (6): Couldn't resolve host name for
https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64
[Could not resolve host: mirrors.fedoraproject.org]
Error: Failed to download metadata for repo 'fedora': Cannot prepare
internal mirrorlist: Curl error (6): Couldn't resolve host name for
https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64
[Could not resolve host: mirrors.fedoraproject.org]
host mirrors.fedoraproject.org
host: error while loading shared libraries: libjemalloc.so.2: cannot
open shared object file: No such file or directory
libjemalloc.so.2 is found in /opt/nessus/lib/nessus/libjemalloc.so.2
I removed the Nessus package and it removed all these packages:
Nessus-8.15.1-fc20.x86_64 bind-32:9.18.8-1.fc37.x86_64
bind-chroot-32:9.18.8-1.fc37.x86_64
bind-dnssec-utils-32:9.18.8-1.fc37.x86_64
bind-libs-32:9.18.8-1.fc37.x86_64 bind-license-32:9.18.8-1.fc37.noarch
bind-utils-32:9.18.8-1.fc37.x86_64 freeipmi-1.6.10-1.fc37.x86_64
fstrm-0.6.1-5.fc37.x86_64 inxi-3.3.23-1.fc37.noarch
ipmitool-1.8.18-26.fc37.x86_64 perl-Cpanel-JSON-XS-4.32-1.fc37.x86_64
perl-JSON-XS-1:4.03-8.fc37.x86_64
perl-Types-Serialiser-1.01-7.fc37.noarch
perl-XML-Dumper-0.81-45.fc37.noarch
perl-common-sense-3.7.5-10.fc37.x86_64
xrandr-1.5.1-5.fc37.x86_64
After this, running
host cnn.com
results in:
host: error while loading shared libraries: libisc-9.18.8.so: cannot
open shared object file: No such file or directory
I got around the problem by specifying the hostname to ip address
translation in /etc/hosts.
This allowed me to update packages, one of which was to install
jemalloc, and allowed me to re-install the above packages, but I can't
get dns to work on this system which happens to be my local dns server.
Fortunately I have a secondary dns server.
running dig cnn.com
results in
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
; <<>> DiG 9.18.8 <<>> cnn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51775
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;cnn.com. IN A
;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Sun Nov 27 07:39:07 PST 2022
;; MSG SIZE rcvd: 36
Has anybody else experienced similar issues, and know how to fix this?
There is one other system I want to update to F37 but it happens to be
my secondary dns server.
I've upgraded 4 machines and 2 servers to F37 without incident.
However, I followed
https://docs.fedoraproject.org/en-US/quick-docs/dnf-system-upgrade/ .
Maybe you can go through the dnf-system-upgrade doc and follow the
section on "Resolving post-upgrade issues"?
Also take a look at `dnf repolist`. Everything should say F37. I think
it is odd you are still using old repos, like for F20. `dnf repoquery
--unsatisfied` may help.
Jeff
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
