almost, but no seegar,...

i am continuing to have dig lookups for linuxlighthouse.com A time out (refused or servfail)

anyone see my misconfiguration??
one error i need to address, my domain is 'linuxlighthouse.com'

i have mistakenly tried to include ws.linuxlighthouse.com & www.linuxlighthouse.com in my certificates..

i am missing the record to define www.<linuxlighthouse.com> ?

tia, jackc...

#   Name Server: NS3.ATTDNS.COM
#   Name Server: WS.LINUXLIGHTHOUSE.COM

nmap -sS 108.220.213.121
Starting Nmap 7.80 ( https://nmap.org ) at 2021-04-30 13:07 PDT
Nmap scan report for ws (108.220.213.121)
Host is up (0.0020s latency).
Not shown: 993 closed ports
PORT      STATE SERVICE
53/tcp    open  domain
80/tcp    open  http
443/tcp   open  https
631/tcp   open  ipp
5000/tcp  open  upnp
8200/tcp  open  trivnet1
20005/tcp open  btx

Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
[root@ws named$ netstat -tapnl | grep named
tcp        0      0 10.0.0.101:53           0.0.0.0:*               LISTEN      20563/named        
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      20563/named        
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      20563/named        
tcp6       0      0 :::53                   :::*                    LISTEN      20563/named        
tcp6       0      0 ::1:953                 :::*                    LISTEN      20563/named  

nmap -A -T4 -p53 108.220.213.121  
Starting Nmap 7.80 ( https://nmap.org ) at 2021-04-30 13:10 PDT
Nmap scan report for ws (108.220.213.121)
Host is up (0.0013s latency).

PORT   STATE SERVICE VERSION
53/tcp open  domain  (generic dns response: NOTIMP)
| fingerprint-strings:
|   DNSVersionBindReqTCP:
|     version
|_    bind
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port53-TCP:V=7.80%I=7%D=4/30%Time=608C645D%P=x86_64-redhat-linux-gnu%r(
SF:DNSVersionBindReqTCP,20,"\0\x1e\0\x06\x81\x05\0\x01\0\0\0\0\0\0\x07vers
SF:ion\x04bind\0\0\x10\0\x03")%r(DNSStatusRequestTCP,E,"\0\x0c\0\0\x90\x04
SF:\0\0\0\0\0\0\0\0");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|WAP|phone|storage-misc|proxy server|media device
Running (JUST GUESSING): Linux 4.X|2.6.X|3.X (93%), Linksys embedded (93%), Google Android 4.4.X (92%), Synology DiskStation Manager 5.X (91%), WebSense embedded (90%), BlackBox embedded (90%)
OS CPE: cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel cpe:/h:linksys:ea3500 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.16 cpe:/o:google:android:4.4.0 cpe:/a:synology:diskstation_manager:5.2
Aggressive OS guesses: Linux 4.4 (93%), Linksys EA3500 WAP (93%), Linux 2.6.18 - 2.6.32 (93%), Linux 3.16 (93%), Android 4.4.0 (92%), Linux 3.2 - 4.9 (92%), Linux 2.6.32 - 3.10 (91%), Linux 2.6.32 (91%), Linux 2.6.32 - 2.6.35 (91%), Linux 2.6.32 - 3.5 (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop

TRACEROUTE (using port 53/tcp)
HOP RTT     ADDRESS
1   0.87 ms ws (108.220.213.121)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 33.84 seconds


nmap -A -T4 -sU -p53 108.220.213.121
Starting Nmap 7.80 ( https://nmap.org ) at 2021-04-30 13:12 PDT
Nmap scan report for ws (108.220.213.121)
Host is up (0.0013s latency).

PORT   STATE SERVICE VERSION
53/udp open  domain  (generic dns response: NOTIMP)
| fingerprint-strings:
|   DNSVersionBindReq:
|     version
|     bind
|   NBTStat:
|_    CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port53-UDP:V=7.80%I=7%D=4/30%Time=608C64C1%P=x86_64-redhat-linux-gnu%r(
SF:DNSVersionBindReq,1E,"\0\x06\x81\x05\0\x01\0\0\0\0\0\0\x07version\x04bi
SF:nd\0\0\x10\0\x03")%r(DNSStatusRequest,C,"\0\0\x90\x04\0\0\0\0\0\0\0\0")
SF:%r(NBTStat,32,"\x80\xf0\x80\x15\0\x01\0\0\0\0\0\0\x20CKAAAAAAAAAAAAAAAA
SF:AAAAAAAAAAAAAA\0\0!\0\x01");
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

TRACEROUTE (using port 53/udp)
HOP RTT     ADDRESS
1   1.56 ms ws (108.220.213.121)


netstat -nap | grep named
tcp        0      0 10.0.0.101:53           0.0.0.0:*               LISTEN      20563/named        
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      20563/named        
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      20563/named        
tcp6       0      0 :::53                   :::*                    LISTEN      20563/named        
tcp6       0      0 ::1:953                 :::*                    LISTEN      20563/named        
udp        0      0 192.168.122.1:53        0.0.0.0:*                           20563/named        
udp        0      0 10.0.0.101:53           0.0.0.0:*                           20563/named        
udp        0      0 127.0.0.1:53            0.0.0.0:*                           20563/named        
udp6       0      0 :::53                   :::*                                20563/named        
unix  2      [ ]         STREAM     CONNECTED     130890   20563/named          
unix  2      [ ]         DGRAM                    130887   20563/named

On Fri, Apr 23, 2021 at 7:37 PM Ed Greshko <ed.greshko@greshko.com> wrote:
On 24/04/2021 10:29, Jack Craig wrote:
> ok, done. now we have, ....
>
>
> Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: using 7 UDP listeners per interface
> Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: listening on IPv6 interfaces, port 53
> Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: listening on IPv4 interface lo, 127.0.0.1#53
> Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: listening on IPv4 interface eno1, 10.0.0.101#53
> Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: listening on IPv4 interface virbr0, 192.168.122.1#53
> Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: command channel listening on 127.0.0.1#953
> Apr 23 19:25:59 ws.linuxlighthouse.com named[6483]: command channel listening on ::1#953

And I see.....

Nmap scan report for ws.linuxlighthouse.com (108.220.213.121)
Host is up (0.16s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE
53/tcp  open  domain
80/tcp  open  http
443/tcp open  https

And I get

[egreshko@meimei ~]$ host cnn.com 108.220.213.121
Using domain server:
Name: 108.220.213.121
Address: 108.220.213.121#53
Aliases:

Host cnn.com not found: 5(REFUSED)

Which is correct since your named.conf currently contains

         allow-query     { localhost; };

So, at least your server is now contactable from the Internet.  So you can go about adding in the zones
you need as well as the access you want to allow.

--
Remind me to ignore comments which aren't germane to the thread.
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
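
Added example, not part of the original messages: a small decoder for the DNS header, run over the two UDP response byte strings that appear in the nmap service fingerprint above. It shows that the version.bind probe was answered with REFUSED (the server is reachable and is applying its query policy) while only the STATUS probe got NOTIMP. The function names and the wording of the diagnose() hints are choices made for this example.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}
OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS"}

# Response bytes copied from the UDP nmap fingerprint in the message above.
VERSION_BIND_RESP = (b"\x00\x06\x81\x05\x00\x01\x00\x00\x00\x00\x00\x00"
                     b"\x07version\x04bind\x00\x00\x10\x00\x03")
STATUS_RESP = b"\x00\x00\x90\x04\x00\x00\x00\x00\x00\x00\x00\x00"

def parse_header(msg, tcp=False):
    """Decode the 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if tcp:  # DNS over TCP prefixes each message with a 2-byte length
        if len(msg) < 2:
            raise ValueError("truncated TCP length prefix")
        (length,) = struct.unpack("!H", msg[:2])
        msg = msg[2:2 + length]
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    opcode, rcode = (flags >> 11) & 0xF, flags & 0xF
    return {"id": ident, "qr": flags >> 15, "rd": (flags >> 8) & 1,
            "ra": (flags >> 7) & 1, "questions": qd, "answers": an,
            "opcode": OPCODES.get(opcode, str(opcode)),
            "rcode": RCODES.get(rcode, str(rcode))}

def parse_question(msg):
    """Return (qname, qtype, qclass) of the first, uncompressed question."""
    pos, labels = 12, []
    while msg[pos]:
        n = msg[pos]
        if n & 0xC0:
            raise ValueError("compressed name not handled in this example")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, qclass = struct.unpack("!2H", msg[pos + 1:pos + 5])
    return ".".join(labels), qtype, qclass

def diagnose(msg, tcp=False):
    """Map the rcode to a troubleshooting hint (wording is this example's)."""
    h = parse_header(msg, tcp)
    hints = {"REFUSED": "query refused by server policy (check allow-query)",
             "NOTIMP": "opcode %s not implemented" % h["opcode"],
             "SERVFAIL": "server failed while answering this name"}
    return "reachable; " + hints.get(h["rcode"], "rcode " + h["rcode"])

if __name__ == "__main__":
    for name, raw in (("version.bind", VERSION_BIND_RESP), ("status", STATUS_RESP)):
        print(name, parse_header(raw), diagnose(raw))
```

Any decoded reply, whatever its rcode, means port 53 is reachable and named is answering; a timeout produces no bytes to decode at all.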