I was a little premature in saying thins started working. It seems to
be very hit and miss. Wireshark shows many dns requests as refused, but
then they start to work for a while and then start failing again.
If I run dig
cnn.com from my secondary dns server I get:
; <<>> DiG 9.16.33-RH <<>>
cnn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 43912
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;cnn.com. IN A
;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Nov 27 09:57:17 PST 2022
;; MSG SIZE rcvd: 36
host
cnn.com results in
Host
cnn.com not found: 5(REFUSED)
nslookup
server 192.168.10.66
Default server: 192.168.10.66
Address: 192.168.10.66#53
Server: 192.168.10.66
Address: 192.168.10.66#53
** server can't find
cnn.com: REFUSED
server 192.168.10.5
Default server: 192.168.10.5
Address: 192.168.10.5#53
Server: 192.168.10.5
Address: 192.168.10.5#53
Non-authoritative answer:
Name:
cnn.com
Address: 151.101.195.5
<others deleted for brevity>
If I run
host
cnn.com on the primary dns server (192.168.10.66) addresses resolve.
cnn.com has address 151.101.195.5
cnn.com has address 151.101.3.5
cnn.com has address 151.101.131.5
cnn.com has address 151.101.67.5
.
.
running
nslookup
server 192.168.10.66
Default server: 192.168.10.66
Address: 192.168.10.66#53
Server: 192.168.10.66
Address: 192.168.10.66#53
** server can't find
cnn.com: REFUSED
on my F35 system lookups work because according to resolvectl the
current dns server is the secondary
resolvectl
Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Current DNS Server: 192.168.10.66
DNS Servers: 192.168.10.66
Link 2 (enp0s20f0u5u2u1)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS
DNSSEC=no/unsupported
Current DNS Server: 192.168.10.5
DNS Servers: 192.168.10.66 192.168.10.5
DNS Domain:
homenet172-16-96.com homenet192-10.com
homenet192-100.com
homenet192-203.com
I have no clue as to what to do to make the lookups work with both the
primary and secondary dns servers.
Paolo
On 11/27/22 07:55, Jeffrey Walton wrote:
On Sun, Nov 27, 2022 at 10:45 AM Paolo Galtieri
<pgaltieri(a)gmail.com> wrote:
> I just upgraded from fedora 36 to 37. There were no errors reported but
> after the update I get:
>
> dnf list all
> Adobe Systems Incorporated 0.0 B/s | 0 B 00:00
> Errors during downloading metadata for repository 'adobe-linux-x86_64':
> - Curl error (6): Couldn't resolve host name for
>
http://linuxdownload.adobe.com/linux/x86_64/repodata/repomd.xml [Could
> not resolve host:
linuxdownload.adobe.com]
> Error: Failed to download metadata for repo 'adobe-linux-x86_64': Cannot
> download repomd.xml: Cannot download repodata/repomd.xml: All mirrors
> were tried
> Fedora 37 - x86_64 0.0 B/s | 0 B 00:00
> Errors during downloading metadata for repository 'fedora':
> - Curl error (6): Couldn't resolve host name for
>
https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64
> [Could not resolve host:
mirrors.fedoraproject.org]
> Error: Failed to download metadata for repo 'fedora': Cannot prepare
> internal mirrorlist: Curl error (6): Couldn't resolve host name for
>
https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64
> [Could not resolve host:
mirrors.fedoraproject.org]
>
>
> host
mirrors.fedoraproject.org
> host: error while loading shared libraries: libjemalloc.so.2: cannot
> open shared object file: No such file or directory
>
> libjemalloc.so.2 is found in /opt/nessus/lib/nessus/libjemalloc.so.2
>
> I removed the Nessus package and it removed all these packages:
>
> Nessus-8.15.1-fc20.x86_64 bind-32:9.18.8-1.fc37.x86_64
> bind-chroot-32:9.18.8-1.fc37.x86_64
> bind-dnssec-utils-32:9.18.8-1.fc37.x86_64
> bind-libs-32:9.18.8-1.fc37.x86_64 bind-license-32:9.18.8-1.fc37.noarch
> bind-utils-32:9.18.8-1.fc37.x86_64 freeipmi-1.6.10-1.fc37.x86_64
> fstrm-0.6.1-5.fc37.x86_64 inxi-3.3.23-1.fc37.noarch
> ipmitool-1.8.18-26.fc37.x86_64 perl-Cpanel-JSON-XS-4.32-1.fc37.x86_64
> perl-JSON-XS-1:4.03-8.fc37.x86_64
> perl-Types-Serialiser-1.01-7.fc37.noarch
> perl-XML-Dumper-0.81-45.fc37.noarch
> perl-common-sense-3.7.5-10.fc37.x86_64
> xrandr-1.5.1-5.fc37.x86_64
>
> After this, running
>
> host
cnn.com
>
> results in:
>
> host: error while loading shared libraries: libisc-9.18.8.so: cannot
> open shared object file: No such file or directory
>
> I got around the problem by specifying the hostname to ip address
> translation in /etc/hosts.
>
> This allowed me to update packages, one of which was to install
> jemalloc, and allowed me to re-install the above packages, but I can't
> get dns to work on this system which happens to be my local dns server.
> Fortunately I have a secondary dns server.
>
> running dig
cnn.com
>
> results in
>
> ;; communications error to 127.0.0.53#53: timed out
> ;; communications error to 127.0.0.53#53: timed out
>
> ; <<>> DiG 9.18.8 <<>>
cnn.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51775
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 65494
> ;; QUESTION SECTION:
> ;cnn.com. IN A
>
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
> ;; WHEN: Sun Nov 27 07:39:07 PST 2022
> ;; MSG SIZE rcvd: 36
>
>
> Has anybody else experienced similar issues, and know how to fix this?
>
> There is one other system I want to update to F37 but it happens to be
> my secondary dns server.
I've upgraded 4 machines and 2 servers to F37 without incident.
However, I followed
https://docs.fedoraproject.org/en-US/quick-docs/dnf-system-upgrade/ .
Maybe you can go through the dnf-system-upgrade doc and follow the
section on "Resolving post-upgrade issues"?
Also take a look at `dnf repolist`. Everything should say F37. I think
it is odd you are still using old repos, like for F20. `dnf repoquery
--unsatisfied` may help.
Jeff
_______________________________________________
users mailing list -- users(a)lists.fedoraproject.org
To unsubscribe send an email to users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue