No response from localhost with "allow-query { any; };"

Warren Kumari warren at kumari.net
Tue Sep 1 14:18:15 UTC 2020


What is 'localhost'?

The output you included doesn't really show very much, other than that nc
connects to port 53.

I'd suggest:
dig ns5.lrau.net @localhost
dig ns5.lrau.net @127.0.0.1
dig ns5.lrau.net @::1

Also, have a look in /etc/hosts and make sure that you have something like:
127.0.0.1 localhost


(nc may be connecting over v4 and <whatever else you used to test> may be
doing v6, etc...)

W

On Tue, Sep 1, 2020 at 10:12 AM Axel Rau <Axel.Rau at chaos1.de> wrote:

> Hi!
>
> this is a new server, which answers external queries, sends notifies and
> pushes axfrs.
> It does not answer any query from localhost nor shows any notifies from
> master in the logs.
>
> From local:
> root at ns5:/ # nc -v localhost 53
> Connection to localhost 53 port [tcp/domain] succeeded!
> ^C
> root at ns5:/ # nc -vu localhost 53
> Connection to localhost 53 port [udp/domain] succeeded!
>
> From master server:
> [hermes:local/etc/namedb] root# nc -v ns5.lrau.net 53
> Connection to ns5.lrau.net 53 port [tcp/domain] succeeded!
> ^C
> [hermes:local/etc/namedb] root# nc -vu ns5.lrau.net 53
> Connection to ns5.lrau.net 53 port [udp/domain] succeeded!
>
>
> Any help greatly appreciated,
> Axel
>
> PS:
>
> part of named.conf:
>         allow-notify {
>                 hermes-ns5;
>         };
>         allow-transfer {
>                 full-trusted;
>                 ns5-ping;
>                 ns4-he;
>                 management-hosts;
>         };
>         allow-query { any; };
>         allow-query-cache { recursive-users; };
>         allow-recursion { recursive-users; };
>
>
> root at ns5:/usr/local/etc/namedb/working/slave # named -V
> BIND 9.16.5 (Stable Release) <id:c00b458>
> running on FreeBSD amd64 12.1-RELEASE-p8 FreeBSD 12.1-RELEASE-p8 GENERIC
> built by make with '--disable-linux-caps' '--localstatedir=/var'
> '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2'
> '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit'
> '--with-dlz-filesystem=yes' '--disable-dnstap' '--disable-fixed-rrset'
> '--disable-geoip' '--without-maxminddb' '--without-gssapi'
> '--with-libidn2=/usr/local' '--with-json-c' '--disable-largefile'
> '--with-lmdb=/usr/local' '--disable-native-pkcs11' '--without-python'
> '--disable-querytrace' 'STD_CDEFINES=-DDIG_SIGCHASE=1'
> '--enable-tcp-fastopen' '--with-tuning=default' '--disable-symtable'
> '--prefix=/usr/local' '--mandir=/usr/local/man'
> '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.1'
> 'build_alias=amd64-portbld-freebsd12.1' 'CC=cc' 'CFLAGS=-O2 -pipe
> -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include
> -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c
> -fstack-protector-strong ' 'LIBS=-L/usr/local/lib'
> 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp'
> 'PKG_CONFIG=pkgconf'
> compiled by CLANG 4.2.1 Compatible FreeBSD Clang 8.0.1
> (tags/RELEASE_801/final 366581)
> compiled with OpenSSL version: OpenSSL 1.1.1d-freebsd  10 Sep 2019
> linked to OpenSSL version: OpenSSL 1.1.1d-freebsd  10 Sep 2019
> compiled with libxml2 version: 2.9.10
> linked to libxml2 version: 20910
> compiled with json-c version: 0.14
> linked to json-c version: 0.15
> compiled with zlib version: 1.2.11
> linked to zlib version: 1.2.11
> threads support is enabled
>
> default paths:
>  named configuration:  /usr/local/etc/namedb/named.conf
>  rndc configuration:   /usr/local/etc/namedb/rndc.conf
>  DNSSEC root key:      /usr/local/etc/namedb/bind.keys
>  nsupdate session key: /var/run/named/session.key
>  named PID file:       /var/run/named/pid
>  named lock file:      /var/run/named/named.lock
>
> ---
> PGP-Key: CDE74120  ☀  computing @ chaos claudius
>


-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf
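
The check suggested in the reply above, as an added example that is not part of the original messages: it sends one real DNS query over UDP to every address that a host name such as `localhost` resolves to, so an IPv4/IPv6 difference shows up per address. The function names, the fixed transaction ID and the 2-second timeout are assumptions of this sketch; `ns5.lrau.net` is the name used in the thread.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query: 12-byte header, QNAME, QTYPE, QCLASS=IN (RD clear)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def probe(host, name, port=53, timeout=2.0):
    """Query every address `host` resolves to, one UDP packet each.

    Returns {(family, address): outcome}, where outcome is 'rcode=N',
    'timeout' or 'error: ...'.
    """
    results = {}
    query = build_query(name)
    for family, _, _, _, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_DGRAM):
        key = ("IPv6" if family == socket.AF_INET6 else "IPv4", sockaddr[0])
        try:
            with socket.socket(family, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)  # UDP connect() itself sends no packet
                s.send(query)
                reply = s.recv(4096)
                flags = struct.unpack("!H", reply[2:4])[0]
                results[key] = "rcode=%d" % (flags & 0x000F)
        except socket.timeout:
            results[key] = "timeout"
        except (OSError, struct.error) as exc:  # e.g. ICMP port unreachable
            results[key] = "error: %s" % exc
    return results

if __name__ == "__main__":
    for target in ("localhost", "127.0.0.1", "::1"):
        try:
            for (fam, addr), outcome in probe(target, "ns5.lrau.net").items():
                print("%-10s %s %-12s %s" % (target, fam, addr, outcome))
        except socket.gaierror as exc:
            print("%-10s cannot resolve: %s" % (target, exc))
```

An `rcode=0` line means named answered on that address; `rcode=5` means it answered with REFUSED, which points at an ACL rather than at the listener.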