Hi Axel, the `nc` commands you used for testing neither proves that it’s that specific `named` listening on that port nor DNS daemon at all. FWIW it could be a dummy UDP/TCP server and you would not know.
First you need to use a tool from your operating system to check what is listening on those ports, and then use `dig` (or other DNS debugging tool) to send actual DNS queries. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org > On 1. 9. 2020, at 16:11, Axel Rau <axel....@chaos1.de> wrote: > > Hi! > > this is a new server, which answers external queries, sends notifies and > pushes axfrs. > It does not answer any query from localhost nor shows any notifies from > master in the logs. > > From local: > root@ns5:/ # nc -v localhost 53 > Connection to localhost 53 port [tcp/domain] succeeded! > ^C > root@ns5:/ # nc -vu localhost 53 > Connection to localhost 53 port [udp/domain] succeeded! > > From master server: > [hermes:local/etc/namedb] root# nc -v ns5.lrau.net 53 > Connection to ns5.lrau.net 53 port [tcp/domain] succeeded! > ^C > [hermes:local/etc/namedb] root# nc -vu ns5.lrau.net 53 > Connection to ns5.lrau.net 53 port [udp/domain] succeeded! > > > Any help greatly appreciated, > Axel > > PS: > > part of named.conf: > allow-notify { > hermes-ns5; > }; > allow-transfer { > full-trusted; > ns5-ping; > ns4-he; > management-hosts; > }; > allow-query { any; }; > allow-query-cache { recursive-users; }; > allow-recursion { recursive-users; }; > > > root@ns5:/usr/local/etc/namedb/working/slave # named -V > BIND 9.16.5 (Stable Release) <id:c00b458> > running on FreeBSD amd64 12.1-RELEASE-p8 FreeBSD 12.1-RELEASE-p8 GENERIC > built by make with '--disable-linux-caps' '--localstatedir=/var' > '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' > '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' > '--with-dlz-filesystem=yes' '--disable-dnstap' '--disable-fixed-rrset' > '--disable-geoip' '--without-maxminddb' '--without-gssapi' > '--with-libidn2=/usr/local' '--with-json-c' '--disable-largefile' > '--with-lmdb=/usr/local' '--disable-native-pkcs11' '--without-python' > '--disable-querytrace' 'STD_CDEFINES=-DDIG_SIGCHASE=1' > '--enable-tcp-fastopen' '--with-tuning=default' '--disable-symtable' > '--prefix=/usr/local' '--mandir=/usr/local/man' > '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.1' > 'build_alias=amd64-portbld-freebsd12.1' 'CC=cc' 'CFLAGS=-O2 -pipe > -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include > -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c > -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG > -isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf' > compiled by CLANG 4.2.1 Compatible FreeBSD Clang 8.0.1 > (tags/RELEASE_801/final 366581) > compiled with OpenSSL version: OpenSSL 1.1.1d-freebsd 10 Sep 2019 > linked to OpenSSL version: OpenSSL 1.1.1d-freebsd 10 Sep 2019 > compiled with libxml2 version: 2.9.10 > linked to libxml2 version: 20910 > compiled with json-c version: 0.14 > linked to json-c version: 0.15 > compiled with zlib version: 1.2.11 > linked to zlib version: 1.2.11 > threads support is enabled > > default paths: > named configuration: /usr/local/etc/namedb/named.conf > rndc configuration: /usr/local/etc/namedb/rndc.conf > DNSSEC root key: /usr/local/etc/namedb/bind.keys > nsupdate session key: /var/run/named/session.key > named PID file: /var/run/named/pid > named lock file: /var/run/named/named.lock > > --- > PGP-Key: CDE74120 ☀ computing @ chaos claudius > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users