From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] DNS: Fall back to permissive mode if recursor mode is unavailable Date: Mon, 06 Mar 2017 21:00:09 +0000 Message-ID: <1488834009.24229.17.camel@ipfire.org> In-Reply-To: <1488824289.28849.2.camel@hughes.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1730974919310666198==" List-Id: --===============1730974919310666198== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi, On Mon, 2017-03-06 at 12:18 -0600, Paul Simmons wrote: > On Sun, 2017-03-05 at 11:42 +0000, Michael Tremer wrote: > >=20 > > Hi, > >=20 > > can you confirm if unbound is running? > >=20 > > What is the output of /etc/init.d/unbound restart? > >=20 > > -Michael > >=20 > > >=20 > > > >=20 > > > > >=20 > > > > > ----<% snip %>---- > > > >=20 > > > > I have nightly commit c016773b9816ad9be4ffc8643c30457e87c094e3 > > > > available locally, and will beg my users for downtime to test. > > > >=20 > > > > Thank you, and best regards, > > > > Paul > > > >=20 > > > >=20 > > >=20 > > > Bad juju - build c016773b couldn't resolve any hosts (other than > > > those in "localdomain"). > > >=20 > > > Provider is "hughes.net" and is the only ISP available (no > > > hardlines > > > or other LOS/NLOS WISPs available). > > >=20 > > > Tried assigning DNS servers 74.113.60.185 and 156.154.70.1 - no > > > change. > > >=20 > > > Paul > > >=20 >=20 > Sorry for the lllooonnnggg delay - had to get a testing time window. >=20 > Unbound was indeed running - verified with "/etc/init.d/unbound status" >=20 > Command and output from "restart": >=20 > # /etc/init.d/unbound restart > Stopping Unbound DNS > Proxy...=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0[=C2=A0=C2=A0OK=C2=A0=C2=A0] > Starting Unbound DNS > Proxy...=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0[=C2=A0=C2=A0OK=C2=A0=C2=A0] > Ignoring broken upstream name server(s): 74.113.60.185 > 156.154.70.1=C2=A0=C2=A0=C2=A0=C2=A0[ WARN ] > Falling back to recursor > mode=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0[ WARN ] So, can you remind me what your provider does again? Is any access to other n= ame servers forbidden? If so the updated script should have detected that and sho= uld not have activated the recursor mode. Could you manually execute the following commands from the console of IPFire = for me? =C2=A0 dig @198.41.0.4 +dnssec SOA . The dot at the end is important. What is the output of it? Best, -Michael >=20 >=20 > Thank you, > Paul --===============1730974919310666198== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjIKCmlRSWNCQUFC Q2dBR0JRSll2YzNaQUFvSkVJQjU4UDl2a0FrSDRCNFAvaS9Yc2xpN0QrM0Vxb1M1MTNITUtLdVMK Y3J5NEw4U0RON3AvSHl5NkVYR214clVBc0pXcm9zTjFJSDQ5bUY2UGdFbmkybk9XbDNiV0dCZDZx VUlFeStmSgpLWWdQVi9xdSt6cHhPNDBiY2VvY3hRdXpackRjdFBCbE5ZUXMvNG9QcXkybEpTOFlq YWRpVXU3ZmpqOStFZVVpCjZ2emY2elc0N0xEMVhFT0oxQ0Q5SEs3bjB0emVzc3kxZnljRGNwYjlk cWE2emZla3J4Q2o0VXc1bm5rSitGbGUKbjFoRTg0aWtpSGdaeHM1QVMyRlFJS0NVYThIdzRmNzNs SHhsUnQ0ZDlXdHUxdTlXenhPUnVSbVd4MTBONTlsQQpQN3U1bkIvMHM1Q1UvMlFGWTNPODh5NDhq T3dCcmtMdEtsL2tsR1RrVnJ5czZyZW9pODhaT1Vud04rTy85azExClNzY3AwMVZ3b2ZJSGh3NXFi RVhpVTNIUzAyc3pwOENvclAzM3RPbGRXZzUxQlUwUk5KM2ZwblpHOFAyNjFWL1YKekx6QXJwSXdD MC90eHhUUHU3Z1BYUkgwU3VCM0ZFNzFhazhFNENvbTJxdVRjd3ZsR1JYbElmS092RVVtRHNiTApQ MWJrOGFGK2ZTYkVzdTZaMWJDWmdBaHRZRzczZ3J3VTdWQkJURFlxOWk3Wmc4UkdsUTFIYjdpYTll VGttNnloClJNUDNYOVhrWGUzek5rckV4QUlpWEE3UHgyQWtGTjgxUk1rVXdGUG5IOGFoT25qd0Yx ai9OWnlZUnJGa0krMXcKM3pTNUZ5VFhOZjh4eit2ZHppdHNkL1V4NjY5aGhMNVZjOEZqemR3ODZT V3QvWVNCNkp1N1JhVGFkYy9aMTFaYQpYSjdtT3VBd1l6cEZ6Q25VTndXQgo9SGVkTQotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============1730974919310666198==--