On 09/19/2017 08:16 AM, Chris wrote:
On Tue, 2017-09-19 at 07:45 -0500, David Jones wrote:
On 09/18/2017 06:03 PM, Chris wrote:
[snip]

localhost dnsmasq[2323]: started, version 2.75 cachesize 150
localhost dnsmasq[2323]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
localhost dnsmasq-dhcp[2323]: DHCP, IP range 192.168.122.2 -- 192.168.122.254, lease time 1h
localhost dnsmasq-dhcp[2323]: DHCP, sockets bound exclusively to interface virbr0
localhost dnsmasq[2323]: reading /etc/resolv.conf
localhost dnsmasq[2323]: using nameserver 127.0.0.1#53
localhost dnsmasq[2323]: using nameserver 127.0.0.1#53
localhost dnsmasq[2323]: read /etc/hosts - 7 addresses
localhost dnsmasq[2323]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
localhost dnsmasq-dhcp[2323]: read /var/lib/libvirt/dnsmasq/default.hostsfile

I'm not really running a mail server in the true sense of the word, I believe. Fetchmail queries my email accounts and pipes the messages through procmail. Anything that doesn't already have a recipe is run through SA. I'm just using Bind to speed up the queries that SA makes. I believe I'm stating that correctly, but who knows, could be way off.

If I can give any other information I'll be glad to do it. Again, I have no idea why the queries are going to 168.150.251.35. There hasn't been another query to isipp since a bit after noon. I'll see what happens the next time there is one.

Run 'netstat -tunlap | grep ":53 "' and see what is listening on port 53 as your DNS server. You probably need to remove/uninstall dnsmasq.

Here's my output:

# netstat -tunlap | grep ":53 "
tcp        0      0 127.0.0.1:53                0.0.0.0:*           LISTEN      24019/pdns_recursor
udp        0      0 127.0.0.1:53                0.0.0.0:*                       24019/pdns_recursor

Once you know you are only running named on port 53, then make sure your named.conf doesn't have any forwarders defined in the options section.

Now check your logs and see if you are still getting a lot of refused responses. BIND should be doing full recursive lookups directly to the authoritative DNS servers, just like you saw with the "dig +trace" command.

David, here's my output. I ran as sudo to see all inclusive:

sudo netstat -tunlap | grep ":53"
[sudo] password for chris:
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1245/named
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      1316/dnsmasq
tcp        0      0 192.168.0.51:53         0.0.0.0:*               LISTEN      1245/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1245/named
tcp        0      0 192.168.0.51:56697      192.52.178.30:53        TIME_WAIT   -
tcp        1      1 192.168.0.51:33475      198.97.190.53:53        CLOSING     -
tcp        0      0 192.168.0.51:52483      192.5.6.30:53           TIME_WAIT   -
tcp        0      0 192.168.0.51:57335      192.5.6.30:53           TIME_WAIT   -
tcp        0      0 192.168.0.51:56609      192.52.178.30:53        TIME_WAIT   -
tcp        0      0 192.168.0.51:36143      199.19.56.1:53          TIME_WAIT   -
tcp        0      0 192.168.0.51:47629      199.7.83.42:53          TIME_WAIT   -
tcp        0      0 192.168.0.51:58201      192.48.79.30:53         TIME_WAIT   -
tcp        0      0 192.168.0.51:53145      199.19.56.1:53          TIME_WAIT   -
tcp        0      0 192.168.0.51:55073      199.7.83.42:53          TIME_WAIT   -
tcp        0      0 192.168.0.51:41719      192.48.79.30:53         TIME_WAIT   -
tcp        1      1 192.168.0.51:40633      198.97.190.53:53        CLOSING     -
udp        0      0 192.168.122.1:53        0.0.0.0:*                           2323/dnsmasq
udp        0      0 192.168.122.1:53        0.0.0.0:*                           1245/named
udp        0      0 127.0.1.1:53            0.0.0.0:*                           1316/dnsmasq
udp        0      0 192.168.0.51:53         0.0.0.0:*                           1245/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1245/named
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1533/snapweb
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1004/avahi-daemon:
udp6       0      0 :::5353                 :::*                                1533/snapweb
udp6       0      0 :::5353                 :::*                                1004/avahi-daemon:

Chris


Wow. I don't think I have ever seen anything listening on 127.0.1.1 before. I would uninstall dnsmasq and make sure named is only listening on 127.0.0.1, just to make sure that nothing else outside of your box would try to use it. A mail server should not have any external clients adding to its query volume. Granted, regular DNS clients probably aren't going to be doing RBL-style DNS queries, but it's best to keep things separated.

--
David Jones
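The checks David walks through above (which programs own port 53, whether named is bound only to loopback, whether named.conf carries a forwarders directive) can be scripted so the audit is repeatable. The script below is an added example written for this page; it is not part of the thread or of any of the tools mentioned. The netstat lines and named.conf fragments it parses are constructed inline in the shape of the output quoted above, so it runs offline; on a real host you would feed it the output of `netstat -tunlap` and the contents of your own named.conf instead.

```bash
#!/bin/sh
# Added example (not from the thread): audit DNS listeners and named.conf
# forwarders. All sample data below is constructed, not captured.

# Constructed netstat -tunlap output, same columns as the thread shows.
SAMPLE_NETSTAT='tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1245/named
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      1316/dnsmasq
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1245/named
tcp        0      0 192.168.0.51:56697      192.52.178.30:53        TIME_WAIT   -
udp        0      0 192.168.122.1:53        0.0.0.0:*                           2323/dnsmasq
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1245/named
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1004/avahi-daemon:'

# Constructed named.conf fragments: one with forwarders, one without.
SAMPLE_NAMED_CONF_FWD='options {
    directory "/var/cache/bind";
    forwarders { 192.0.2.1; };
    listen-on { 127.0.0.1; };
};'
SAMPLE_NAMED_CONF_CLEAN='options {
    directory "/var/cache/bind";
    // forwarders { 192.0.2.1; };
    listen-on { 127.0.0.1; };
};'

# Print "proto local_address program" for every socket whose LOCAL port is 53.
# Matching only the local-address column ($4) drops outbound TIME_WAIT
# connections to remote resolvers, which "grep :53" alone would include.
dns_listeners() {
    printf '%s\n' "$1" | awk '$4 ~ /:53$/ { split($NF, p, "/"); print $1, $4, p[2] }'
}

# Distinct programs bound to port 53. More than one line here means two
# resolvers are competing for the port, as in the thread (named + dnsmasq).
dns_listener_programs() {
    dns_listeners "$1" | awk '{ print $3 }' | sort -u
}

# Port-53 sockets bound to anything other than 127.0.0.0/8. A resolver that
# serves only a local mail pipeline should produce no output here.
non_loopback_dns_listeners() {
    dns_listeners "$1" | awk '$2 !~ /^127\./'
}

# Exit 0 if an uncommented "forwarders {" directive is present.
has_forwarders() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*forwarders[[:space:]]*\{'
}

# Human-readable summary; exit status is informational only.
report() {
    echo "Programs listening on port 53:"
    dns_listener_programs "$1" | sed 's/^/  /'
    echo "Port-53 sockets not bound to loopback:"
    non_loopback_dns_listeners "$1" | sed 's/^/  /'
    if has_forwarders "$2"; then
        echo "named.conf: forwarders directive present (recursion goes via another resolver)"
    else
        echo "named.conf: no forwarders, named will recurse to authoritative servers itself"
    fi
}

report "$SAMPLE_NETSTAT" "$SAMPLE_NAMED_CONF_FWD"
```

On a live system replace the sample variables with `"$(netstat -tunlap)"` and `"$(cat /etc/bind/named.conf.options)"` (path varies by distribution). The loopback filter also flags 127.0.1.1, since the point is not whether the address is routable but whether more than one daemon is answering on the port.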
