On Sun, Nov 27, 2022 at 1:10 PM Paolo Galtieri <pgaltieri(a)gmail.com> wrote:
I was a little premature in saying things started working. It seems to
be very hit and miss. Wireshark shows many dns requests as refused, but
then they start to work for a while and then start failing again.
If I run dig cnn.com from my secondary dns server I get:
; <<>> DiG 9.16.33-RH <<>> cnn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 43912
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;cnn.com. IN A
;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Nov 27 09:57:17 PST 2022
;; MSG SIZE rcvd: 36
host cnn.com results in
Host cnn.com not found: 5(REFUSED)
nslookup
> server 192.168.10.66
Default server: 192.168.10.66
Address: 192.168.10.66#53
> cnn.com
Server: 192.168.10.66
Address: 192.168.10.66#53
** server can't find cnn.com: REFUSED
> server 192.168.10.5
Default server: 192.168.10.5
Address: 192.168.10.5#53
> cnn.com
Server: 192.168.10.5
Address: 192.168.10.5#53
Non-authoritative answer:
Name: cnn.com
Address: 151.101.195.5
<others deleted for brevity>
If I run host cnn.com on the primary dns server (192.168.10.66) addresses resolve.
cnn.com has address 151.101.195.5
cnn.com has address 151.101.3.5
cnn.com has address 151.101.131.5
cnn.com has address 151.101.67.5
.
.
running
nslookup
> server 192.168.10.66
Default server: 192.168.10.66
Address: 192.168.10.66#53
> cnn.com
Server: 192.168.10.66
Address: 192.168.10.66#53
** server can't find cnn.com: REFUSED
>
On my F35 system lookups work because, according to resolvectl, the
current dns server is the secondary
resolvectl
Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Current DNS Server: 192.168.10.66
DNS Servers: 192.168.10.66
Link 2 (enp0s20f0u5u2u1)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.10.5
DNS Servers: 192.168.10.66 192.168.10.5
DNS Domain: homenet172-16-96.com homenet192-10.com homenet192-100.com homenet192-203.com
I have no clue as to what to do to make the lookups work with both the
primary and secondary dns servers.

These are the steps I would take....
1. Make sure the machines are up to date.
2. Relabel the file system. This requires updated
selinux policies, so (1) must succeed.
At step (2) perform the following and reboot:
* # fixfiles -B onboot
Since you have already followed the dnf-system-upgrade docs, I don't
expect (2) to fix the problem.
If the problem is still present after (2), then disable selinux for
troubleshooting:
3. # setenforce 0
Then re-evaluate the situation.
Jeff
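
For the "re-evaluate" step after `setenforce 0`, an added example (not part of the original thread) that summarizes SELinux AVC denials for one daemon and shows whether each was logged while enforcing or permissive. The audit records are constructed, and `comm="named"` is an assumption, since the thread does not name the DNS daemon.

```shell
#!/bin/sh
# Added example: constructed audit records, not taken from the thread.
# Assumption: the DNS daemon runs as comm="named"; the thread does not name it.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1669571837.101:310): avc:  denied  { read } for  pid=911 comm="named" name="example.zone" dev="dm-0" ino=1001 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1669571839.204:311): avc:  denied  { read } for  pid=911 comm="named" name="example.zone" dev="dm-0" ino=1001 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1669571839.204:311): arch=c000003e syscall=257 success=no exit=-13 comm="named"
type=AVC msg=audit(1669572100.550:402): avc:  denied  { write } for  pid=911 comm="named" name="cache" dev="dm-0" ino=1002 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1669572101.007:403): avc:  denied  { open } for  pid=1500 comm="httpd" name="x" dev="dm-0" ino=1003 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=1
EOF
}

# summarize_avc COMM: read audit records on stdin and print one line per
# distinct denial for COMM: "<count> <mode> <perm> <tclass> <tcontext>".
# mode is "enforcing" (access was blocked) or "permissive" (logged only).
summarize_avc() {
  awk -v want="$1" '
    # Return the value of key=value in the current record, quotes stripped.
    function field(key,   v) {
      if (!match($0, "(^| )" key "=[^ ]+")) return ""
      v = substr($0, RSTART, RLENGTH)
      sub("^ ?" key "=", "", v); gsub(/"/, "", v)
      return v
    }
    /^type=AVC / && /avc: +denied/ {
      if (field("comm") != want) next
      # The denied permission sits between "{ " and " }".
      if (!match($0, /[{] [^}]+ [}]/)) next
      perm = substr($0, RSTART + 2, RLENGTH - 4)
      mode = (field("permissive") == "1") ? "permissive" : "enforcing"
      seen[mode " " perm " " field("tclass") " " field("tcontext")]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort
}

sample_audit_log | summarize_avc named
```

On a real system the same function can read `/var/log/audit/audit.log` as root. A target type such as `unlabeled_t` points at a labeling problem that the relabel in step (2) addresses.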