What is 'localhost'? The output you included doesn't really show very much, other than that nc connect to port 53.
I'd suggest: dig ns5.lrau.net @localhost dig ns5.lrau.net @127.0.0.1 dig ns5.lrau.net @::1 Also, have a look in /etc/hosts and make sure that you have something like: 127.0.0.1 localhost (nc may be connecting over v4 and <whatever else you used to test> may be doing v6, etc...) W On Tue, Sep 1, 2020 at 10:12 AM Axel Rau <axel....@chaos1.de> wrote: > Hi! > > this is a new server, which answers external queries, sends notifies and > pushes axfrs. > It does not answer any query from localhost nor shows any notifies from > master in the logs. > > From local: > root@ns5:/ # nc -v localhost 53 > Connection to localhost 53 port [tcp/domain] succeeded! > ^C > root@ns5:/ # nc -vu localhost 53 > Connection to localhost 53 port [udp/domain] succeeded! > > From master server: > [hermes:local/etc/namedb] root# nc -v ns5.lrau.net 53 > Connection to ns5.lrau.net 53 port [tcp/domain] succeeded! > ^C > [hermes:local/etc/namedb] root# nc -vu ns5.lrau.net 53 > Connection to ns5.lrau.net 53 port [udp/domain] succeeded! > > > Any help greatly appreciated, > Axel > > PS: > > part of named.conf: > allow-notify { > hermes-ns5; > }; > allow-transfer { > full-trusted; > ns5-ping; > ns4-he; > management-hosts; > }; > allow-query { any; }; > allow-query-cache { recursive-users; }; > allow-recursion { recursive-users; }; > > > root@ns5:/usr/local/etc/namedb/working/slave # named -V > BIND 9.16.5 (Stable Release) <id:c00b458> > running on FreeBSD amd64 12.1-RELEASE-p8 FreeBSD 12.1-RELEASE-p8 GENERIC > built by make with '--disable-linux-caps' '--localstatedir=/var' > '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' > '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' > '--with-dlz-filesystem=yes' '--disable-dnstap' '--disable-fixed-rrset' > '--disable-geoip' '--without-maxminddb' '--without-gssapi' > '--with-libidn2=/usr/local' '--with-json-c' '--disable-largefile' > '--with-lmdb=/usr/local' '--disable-native-pkcs11' '--without-python' > '--disable-querytrace' 'STD_CDEFINES=-DDIG_SIGCHASE=1' > '--enable-tcp-fastopen' '--with-tuning=default' '--disable-symtable' > '--prefix=/usr/local' '--mandir=/usr/local/man' > '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.1' > 'build_alias=amd64-portbld-freebsd12.1' 'CC=cc' 'CFLAGS=-O2 -pipe > -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include > -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c > -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' > 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp' > 'PKG_CONFIG=pkgconf' > compiled by CLANG 4.2.1 Compatible FreeBSD Clang 8.0.1 > (tags/RELEASE_801/final 366581) > compiled with OpenSSL version: OpenSSL 1.1.1d-freebsd 10 Sep 2019 > linked to OpenSSL version: OpenSSL 1.1.1d-freebsd 10 Sep 2019 > compiled with libxml2 version: 2.9.10 > linked to libxml2 version: 20910 > compiled with json-c version: 0.14 > linked to json-c version: 0.15 > compiled with zlib version: 1.2.11 > linked to zlib version: 1.2.11 > threads support is enabled > > default paths: > named configuration: /usr/local/etc/namedb/named.conf > rndc configuration: /usr/local/etc/namedb/rndc.conf > DNSSEC root key: /usr/local/etc/namedb/bind.keys > nsupdate session key: /var/run/named/session.key > named PID file: /var/run/named/pid > named lock file: /var/run/named/named.lock > > --- > PGP-Key: CDE74120 ☀ computing @ chaos claudius > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users