Re: Upgrade to f37 left system in messed up state

Jeffrey Walton <noloader@xxxxxxxxx> · Sun, 27 Nov 2022 13:53:06 -0500

On Sun, Nov 27, 2022 at 1:10 PM Paolo Galtieri <pgaltieri@xxxxxxxxx> wrote:
>
> I was a little premature in saying thins started working.  It seems to
> be very hit and miss.  Wireshark shows many dns requests as refused, but
> then they start to work for a while and then start failing again.
>
> If I run dig cnn.com from my secondary dns server I get:
>
>
> ; <<>> DiG 9.16.33-RH <<>> cnn.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 43912
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 65494
> ;; QUESTION SECTION:
> ;cnn.com.            IN    A
>
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.53#53(127.0.0.53)
> ;; WHEN: Sun Nov 27 09:57:17 PST 2022
> ;; MSG SIZE  rcvd: 36
>
>
> host cnn.com results in
>
> Host cnn.com not found: 5(REFUSED)
>
> nslookup
>  > server 192.168.10.66
> Default server: 192.168.10.66
> Address: 192.168.10.66#53
>  > cnn.com
> Server:        192.168.10.66
> Address:    192.168.10.66#53
>
> ** server can't find cnn.com: REFUSED
>  >server 192.168.10.5
> Default server: 192.168.10.5
> Address: 192.168.10.5#53
>  > cnn.com
> Server:        192.168.10.5
> Address:    192.168.10.5#53
>
> Non-authoritative answer:
> Name:    cnn.com
> Address: 151.101.195.5
>
> <others deleted for brevity>
>
> If I run
>
> host cnn.com on the primary dns server (192.168.10.66) addresses resolve.
>
> cnn.com has address 151.101.195.5
> cnn.com has address 151.101.3.5
> cnn.com has address 151.101.131.5
> cnn.com has address 151.101.67.5
> .
> .
>
>
> running
>
> nslookup
>  > server 192.168.10.66
> Default server: 192.168.10.66
> Address: 192.168.10.66#53
>  > cnn.com
> Server:        192.168.10.66
> Address:    192.168.10.66#53
>
> ** server can't find cnn.com: REFUSED
>  >
>
> on my F35 system lookups work because according to resolvectl the
> current dns server is the secondary
>
> resolvectl
>
> Global
>           Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
>    resolv.conf mode: stub
> Current DNS Server: 192.168.10.66
>         DNS Servers: 192.168.10.66
>
> Link 2 (enp0s20f0u5u2u1)
>      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
>           Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS
> DNSSEC=no/unsupported
> Current DNS Server: 192.168.10.5
>         DNS Servers: 192.168.10.66 192.168.10.5
>          DNS Domain: homenet172-16-96.com homenet192-10.com
> homenet192-100.com
>                      homenet192-203.com
>
> I have no clue as to what to do to make the lookups work with both the
> primary and secondary dns servers.

These are the steps I would take....

  1. make sure the machines are up to date.
  2. relabel the file system. This requires updated
      selinx policies, so (1) must succeed.

At step (2) perform the following and reboot:

  * # fixfiles -B onboot

Since you have already followed the dnf-system-upgrade docs, I don't
expect (2) to fix the problem.

If the problem is still present after (2), then disable selinux for
troubleshooting:

  3. # setenforce 0

Then re-evaluate the situation.

Jeff
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue