Re: on to letsencrypt

ok, done. now we have, ....

systemctl status named ● named.service - Berkeley Internet Name Domain (DNS) Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled) Active: active (running) since Fri 2021-04-23 19:25:59 PDT; 39s ago Process: 6480 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS) Process: 6482 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS) Main PID: 6483 (named) Tasks: 11 (limit: 38336) Memory: 69.1M CPU: 139ms CGroup: /system.slice/named.service └─6483 /usr/sbin/named -u named -c /etc/named.conf

Apr 23 19:26:15 ws.linuxlighthouse.com named[6483]: client @0x7f455417fc20 38.145.60.13#38954 (ws.linuxlighthouse.com): que…' denied Apr 23 19:26:15 ws.linuxlighthouse.com named[6483]: client @0x7f455417fc20 38.145.60.13#55978 (linuxlighthouse.com): query …' denied Apr 23 19:26:15 ws.linuxlighthouse.com named[6483]: client @0x7f455417fc20 38.145.60.13#35236 (ws.linuxlighthouse.com): que…' denied Apr 23 19:26:15 ws.linuxlighthouse.com named[6483]: client @0x7f455417fc20 38.145.60.13#45456 (ws.linuxlighthouse.com): que…' denied Apr 23 19:26:16 ws.linuxlighthouse.com named[6483]: client @0x7f455417fc20 54.184.140.48#63353 (108-220-213-121.40.xiaofeng…' denied Apr 23 19:26:16 ws.linuxlighthouse.com named[6483]: client @0x7f453c0114b0 89.39.107.167#48830 (smtps.cartorel.fr): query (…' denied Apr 23 19:26:31 ws.linuxlighthouse.com named[6483]: client @0x7f455417fc20 172.217.40.66#60083 (ws.linuxlighthouse.com): qu…' denied Apr 23 19:26:32 ws.linuxlighthouse.com named[6483]: client @0x7f455417fc20 173.194.169.10#59596 (ws.linuxlighthouse.com): q…' denied Apr 23 19:26:32 ws.linuxlighthouse.com named[6483]: network unreachable resolving 'ssl.gstatic.com/AAAA/IN': 2001:4860:4802:38::a#53 Apr 23 19:26:38 ws.linuxlighthouse.com named[6483]: client @0x7f45541d8300 5.188.206.236#41644 (remote.basicuitvaartoosterh…' denied Hint: Some lines were ellipsized, use -l to show in full.

journalctl -b 0 | grep -i listen | grep named Apr 23 17:51:14 ws.linuxlighthouse.com named[3510]: using 7 UDP listeners per interface Apr 23 17:51:14 ws.linuxlighthouse.com named[3510]: listening on IPv4 interface lo, 127.0.0.1#53 Apr 23 17:51:14 ws.linuxlighthouse.com named[3510]: listening on IPv6 interface lo, ::1#53 Apr 23 17:51:14 ws.linuxlighthouse.com named[3510]: command channel listening on 127.0.0.1#953 Apr 23 17:51:14 ws.linuxlighthouse.com named[3510]: command channel listening on ::1#953 Apr 23 19:25:59 ws.linuxlighthouse.com named[3510]: no longer listening on 127.0.0.1#53 Apr 23 19:25:59 ws.linuxlighthouse.com named[3510]: no longer listening on ::1#53 Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: using 7 UDP listeners per interface Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: listening on IPv6 interfaces, port 53 Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: listening on IPv4 interface lo, 127.0.0.1#53 Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: listening on IPv4 interface eno1, 10.0.0.101#53 Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: listening on IPv4 interface virbr0, 192.168.122.1#53 Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: command channel listening on 127.0.0.1#953 Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: command channel listening on ::1#953 [root@ws ~$ netstat -nap | grep named tcp 0 0 10.0.0.101:53 0.0.0.0:* LISTEN 6483/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 6483/named tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 6483/named tcp6 0 0 :::53 :::* LISTEN 6483/named tcp6 0 0 ::1:953 :::* LISTEN 6483/named udp 0 0 192.168.122.1:53 0.0.0.0:* 6483/named udp 0 0 10.0.0.101:53 0.0.0.0:* 6483/named udp 0 0 127.0.0.1:53 0.0.0.0:* 6483/named udp6 0 0 :::53 :::* 6483/named unix 2 [ ] DGRAM 88018 6483/named

unix 2 [ ] STREAM CONNECTED 88021 6483/named

[root@ws ~$

On Fri, Apr 23, 2021 at 7:20 PM Ed Greshko ed.greshko@greshko.com wrote:

On 24/04/2021 10:13, Jack Craig wrote:

...

Maybe send your current named.conf?

attaching isnt happening for some reason so i'l need to inline it. it should be exactly as you sent me, pls yell if not so?

Ahhh..... the file you sent me contains exactly what it *should not* contain.

The file you sent me has...

options { listen-on port 53 { 127.0.0.1; }; listen-on-v6 port 53 { ::1; };

That will cause named to listen ONLY on the loopback interfaces.

Change that to be

options { // listen-on port 53 { 127.0.0.1; }; // listen-on-v6 port 53 { ::1; };

Or *remove* those lines.

Or change them to add the IP addresses of you interfaces.

-- Remind me to ignore comments which aren't germane to the thread. _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure