Re: ,Re: caching does not seem to be working for internal view
On Wed, 3 Aug 2022 15:10:39 -0400 Timothe Litt wrote:

> Hmm. Your resolv.conf says that it's written by NetworkManager.
>
> What I suggested should have stopped it from updating resolv.conf.
>
> See
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/manually-configuring-the-etc-resolv-conf-file_configuring-and-managing-networking
>
> After restarting the service, did you edit (or replace) resolv.conf to
> remove the AT&T address?
>
> If not, stop here & edit the file.
>
> If so, perhaps some other manager is editing the file without replacing
> the comment.
>
> Check to see if resolv.conf is a symlink - some managers (e.g.
> systemd-resolved) will do that. Not sure when/if it found its way to
> centos (I don't run it), but if it's there, systemctl stop & disable
> it. It would be running on 127.0.0.53:53, but it usually points
> resolv.conf to itself.
>
> The other managers that I know of aren't in redhat distributions.
>
> You may need to use auditing to identify what is writing the file.
>
> Timothe Litt
> ACM Distinguished Engineer

"Helpful" software such as NetworkManager has a habit of getting in the way of figuring out what is wrong with systems, especially networked ones. Since none of the 8 computers on my home LAN are ever used in different locations, I don't use NetworkManager (etc.): I don't see why such add-ons are useful unless the computer is used on multiple networks. But distros install a lot of stuff in an attempt to "simplify" Linux for newbies. (Even Windows, which now may have more millions of experienced users than brand new users, acts as if no one has ever used a computer before.)

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ,Re: caching does not seem to be working for internal view
Hmm. Your resolv.conf says that it's written by NetworkManager.

What I suggested should have stopped it from updating resolv.conf.

See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/manually-configuring-the-etc-resolv-conf-file_configuring-and-managing-networking

After restarting the service, did you edit (or replace) resolv.conf to remove the AT&T address?

If not, stop here & edit the file.

If so, perhaps some other manager is editing the file without replacing the comment.

Check to see if resolv.conf is a symlink - some managers (e.g. systemd-resolved) will do that. Not sure when/if it found its way to centos (I don't run it), but if it's there, systemctl stop & disable it. It would be running on 127.0.0.53:53, but it usually points resolv.conf to itself.

The other managers that I know of aren't in redhat distributions.

You may need to use auditing to identify what is writing the file.

Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.

On 03-Aug-22 14:39, Robert Moskowitz wrote:
> On 8/3/22 12:59, Timothe Litt wrote:
>> Try
>>
>>     echo -e "[main]\ndns=none" > /etc/NetworkManager/conf.d/no-dns.conf
>>     systemctl restart NetworkManager.service
>
> Same content in resolv.conf. BTW this is on Centos7.
>
>> Timothe Litt
>> ACM Distinguished Engineer
>> --
>> This communication may not represent the ACM or my employer's views,
>> if any, on the matters discussed.
>>
>> On 03-Aug-22 12:36, Robert Moskowitz wrote:
>>> On 8/3/22 11:35, Timothe Litt wrote:
>>>> On 03-Aug-22 10:53, bind-users-requ...@lists.isc.org wrote:
>>>>> # cat resolv.conf
>>>>>
>>>>> My server is 23.123.122.146. That IPv6 addr is my ATT router.
>>>>
>>>> You don't want to do that. The ATT router will not know how to resolve internal names. There is no guarantee that your client resolver will try nameservers in order. If you want a backup, run a second instance of named.
>>>>
>>>> As for the intermittent issues with resolving external names, that's frequently a case of hitting different nameservers. Or a firewall. Get rid of the ATT router first. Then as suggested, a packet trace will show what happens (if it still does - it could be that the ATT router's resolver is at fault).
>>>
>>> Thank you for your advice.
>>>
>>> my ifcfg-eth0 has:
>>>
>>>     DEVICE="eth0"
>>>     BOOTPROTO=none
>>>     ONBOOT="yes"
>>>     TYPE="Ethernet"
>>>     NAME="eth0"
>>>     MACADDR=02:67:15:00:00:02
>>>     MTU=1500
>>>     DNS1=23.123.122.146
>>>     GATEWAY="23.123.122.158"
>>>     IPADDR="23.123.122.146"
>>>     NETMASK="255.255.255.240"
>>>     IPV6INIT="yes"
>>>
>>> And I am ASSuMEing that it is that IPV6INIT that is providing that IPv6 addr in resolv.conf.
>>>
>>> So I added:
>>>
>>>     DNS2=192.168.224.2
>>>
>>> And now:
>>>
>>>     # cat /etc/resolv.conf
>>>     # Generated by NetworkManager
>>>     search attlocal.net htt-consult.com
>>>     nameserver 23.123.122.146
>>>     nameserver 192.168.224.2
>>>     nameserver 2600:1700:9120:4330::1
>>>
>>> ARGH! I want the IPv6 addr from my firewall/gateway. But I don't want that IPv6 nameserver!
>>>
>>> So I added the IPv6 address for my server. I had not done this as ATT has said there is no assurance with the IPv6 addresses may change.
>>>
>>> So I added:
>>>
>>>     DNS3=2600:1700:9120:4330::49
>>>
>>> and now:
>>>
>>>     # cat /etc/resolv.conf
>>>     # Generated by NetworkManager
>>>     search attlocal.net htt-consult.com
>>>     nameserver 23.123.122.146
>>>     nameserver 192.168.224.2
>>>     nameserver 2600:1700:9120:4330::1
>>>     # NOTE: the libc resolver may not support more than 3 nameservers.
>>>     # The nameservers listed below may not be recognized.
>>>     nameserver 2600:1700:9120:4330::49
>>>
>>> Sigh. I have to take that dynamic IPv6 assignment. But I want to stop it pushing into my resolv.conf.
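
The checks suggested in the message above (symlink, generator comment, unwanted nameserver) together with the three-nameserver limit noted in the generated file, as an added shell example that is not part of the original thread. The function names and output labels are assumptions of this example; the sample input is the resolv.conf content posted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. check_resolv_conf, sample_resolv_conf and
# the output labels are hypothetical names used only for this illustration.
# Usage: check_resolv_conf FILE ALLOWED_NAMESERVER...
check_resolv_conf() {
    file=$1; shift
    status=0
    # A symlink usually means another manager (e.g. systemd-resolved) owns the file.
    if [ -L "$file" ]; then
        echo "SYMLINK $file -> $(readlink "$file")"
        status=1
    fi
    # The generator comment names the writer, if that writer leaves one.
    writer=$(sed -n 's/^# *\(Generated by .*\)$/\1/p' "$file" | head -n 1)
    [ -n "$writer" ] && echo "WRITER $writer"
    n=0
    while read -r key addr rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        n=$((n + 1))
        ok=no
        for a in "$@"; do
            [ "$a" = "$addr" ] && ok=yes
        done
        # Not in the allowed list: something other than the admin added it.
        [ "$ok" = yes ] || { echo "UNEXPECTED $addr"; status=1; }
        # glibc uses at most 3 nameserver lines (MAXNS); later ones are ignored.
        [ "$n" -le 3 ] || { echo "IGNORED $addr"; status=1; }
    done < "$file"
    return "$status"
}

# The file content posted in the thread, reproduced as sample input.
sample_resolv_conf() {
    cat <<'EOF'
# Generated by NetworkManager
search attlocal.net htt-consult.com
nameserver 23.123.122.146
nameserver 192.168.224.2
nameserver 2600:1700:9120:4330::1
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 2600:1700:9120:4330::49
EOF
}

tmp=$(mktemp)
sample_resolv_conf > "$tmp"
# Allowed list: the three servers the poster configured as DNS1..DNS3.
check_resolv_conf "$tmp" 23.123.122.146 192.168.224.2 2600:1700:9120:4330::49 || true
rm -f "$tmp"
```

For the auditing step, a watch such as `auditctl -w /etc/resolv.conf -p wa -k resolvconf-write` followed by `ausearch -k resolvconf-write` records which process writes the file; the key name is arbitrary.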
Re: ,Re: caching does not seem to be working for internal view
On 8/3/22 12:59, Timothe Litt wrote:
> Try
>
>     echo -e "[main]\ndns=none" > /etc/NetworkManager/conf.d/no-dns.conf
>     systemctl restart NetworkManager.service

Same content in resolv.conf. BTW this is on Centos7.

> Timothe Litt
> ACM Distinguished Engineer
> --
> This communication may not represent the ACM or my employer's views,
> if any, on the matters discussed.
>
> On 03-Aug-22 12:36, Robert Moskowitz wrote:
>> On 8/3/22 11:35, Timothe Litt wrote:
>>> On 03-Aug-22 10:53, bind-users-requ...@lists.isc.org wrote:
>>>> # cat resolv.conf
>>>>
>>>> My server is 23.123.122.146. That IPv6 addr is my ATT router.
>>>
>>> You don't want to do that. The ATT router will not know how to resolve internal names. There is no guarantee that your client resolver will try nameservers in order. If you want a backup, run a second instance of named.
>>>
>>> As for the intermittent issues with resolving external names, that's frequently a case of hitting different nameservers. Or a firewall. Get rid of the ATT router first. Then as suggested, a packet trace will show what happens (if it still does - it could be that the ATT router's resolver is at fault).
>>
>> Thank you for your advice.
>>
>> my ifcfg-eth0 has:
>>
>>     DEVICE="eth0"
>>     BOOTPROTO=none
>>     ONBOOT="yes"
>>     TYPE="Ethernet"
>>     NAME="eth0"
>>     MACADDR=02:67:15:00:00:02
>>     MTU=1500
>>     DNS1=23.123.122.146
>>     GATEWAY="23.123.122.158"
>>     IPADDR="23.123.122.146"
>>     NETMASK="255.255.255.240"
>>     IPV6INIT="yes"
>>
>> And I am ASSuMEing that it is that IPV6INIT that is providing that IPv6 addr in resolv.conf.
>>
>> So I added:
>>
>>     DNS2=192.168.224.2
>>
>> And now:
>>
>>     # cat /etc/resolv.conf
>>     # Generated by NetworkManager
>>     search attlocal.net htt-consult.com
>>     nameserver 23.123.122.146
>>     nameserver 192.168.224.2
>>     nameserver 2600:1700:9120:4330::1
>>
>> ARGH! I want the IPv6 addr from my firewall/gateway. But I don't want that IPv6 nameserver!
>>
>> So I added the IPv6 address for my server. I had not done this as ATT has said there is no assurance with the IPv6 addresses may change.
>>
>> So I added:
>>
>>     DNS3=2600:1700:9120:4330::49
>>
>> and now:
>>
>>     # cat /etc/resolv.conf
>>     # Generated by NetworkManager
>>     search attlocal.net htt-consult.com
>>     nameserver 23.123.122.146
>>     nameserver 192.168.224.2
>>     nameserver 2600:1700:9120:4330::1
>>     # NOTE: the libc resolver may not support more than 3 nameservers.
>>     # The nameservers listed below may not be recognized.
>>     nameserver 2600:1700:9120:4330::49
>>
>> Sigh. I have to take that dynamic IPv6 assignment. But I want to stop it pushing into my resolv.conf.
Re: ,Re: caching does not seem to be working for internal view
On 8/3/22 13:10, Anand Buddhdev wrote:
> On 03/08/2022 18:36, Robert Moskowitz wrote:
>
> Hi Robert,
>
> [snip]
>
>> ARGH! I want the IPv6 addr from my firewall/gateway. But I don't want that IPv6 nameserver!
>
> Calm down. Just add "PEERDNS=no" in your ifcfg-eth0 file. This way, the resolv.conf file will only contain your specified DNS servers, and nothing else.

I was excited to see this simple approach. did

    systemctl restart NetworkManager.service

And no change. :(

I will try Timothe's recommendation next.

BTW, it seems on top of everything else my fiber connect was going south to the point that firefox browsing was interspersed by the ATT firewall with a message to reset my fiber broadband router! That has helped. Some.

Multiple failings which is often the case.
Re: ,Re: caching does not seem to be working for internal view
On 03/08/2022 18:36, Robert Moskowitz wrote:

Hi Robert,

[snip]

> ARGH! I want the IPv6 addr from my firewall/gateway. But I don't want that IPv6 nameserver!

Calm down. Just add "PEERDNS=no" in your ifcfg-eth0 file. This way, the resolv.conf file will only contain your specified DNS servers, and nothing else.

Regards,
Anand
Re: ,Re: caching does not seem to be working for internal view
Try

    echo -e "[main]\ndns=none" > /etc/NetworkManager/conf.d/no-dns.conf
    systemctl restart NetworkManager.service

Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.

On 03-Aug-22 12:36, Robert Moskowitz wrote:
> On 8/3/22 11:35, Timothe Litt wrote:
>> On 03-Aug-22 10:53, bind-users-requ...@lists.isc.org wrote:
>>> # cat resolv.conf
>>>
>>> My server is 23.123.122.146. That IPv6 addr is my ATT router.
>>
>> You don't want to do that. The ATT router will not know how to resolve internal names. There is no guarantee that your client resolver will try nameservers in order. If you want a backup, run a second instance of named.
>>
>> As for the intermittent issues with resolving external names, that's frequently a case of hitting different nameservers. Or a firewall. Get rid of the ATT router first. Then as suggested, a packet trace will show what happens (if it still does - it could be that the ATT router's resolver is at fault).
>
> Thank you for your advice.
>
> my ifcfg-eth0 has:
>
>     DEVICE="eth0"
>     BOOTPROTO=none
>     ONBOOT="yes"
>     TYPE="Ethernet"
>     NAME="eth0"
>     MACADDR=02:67:15:00:00:02
>     MTU=1500
>     DNS1=23.123.122.146
>     GATEWAY="23.123.122.158"
>     IPADDR="23.123.122.146"
>     NETMASK="255.255.255.240"
>     IPV6INIT="yes"
>
> And I am ASSuMEing that it is that IPV6INIT that is providing that IPv6 addr in resolv.conf.
>
> So I added:
>
>     DNS2=192.168.224.2
>
> And now:
>
>     # cat /etc/resolv.conf
>     # Generated by NetworkManager
>     search attlocal.net htt-consult.com
>     nameserver 23.123.122.146
>     nameserver 192.168.224.2
>     nameserver 2600:1700:9120:4330::1
>
> ARGH! I want the IPv6 addr from my firewall/gateway. But I don't want that IPv6 nameserver!
>
> So I added the IPv6 address for my server. I had not done this as ATT has said there is no assurance with the IPv6 addresses may change.
>
> So I added:
>
>     DNS3=2600:1700:9120:4330::49
>
> and now:
>
>     # cat /etc/resolv.conf
>     # Generated by NetworkManager
>     search attlocal.net htt-consult.com
>     nameserver 23.123.122.146
>     nameserver 192.168.224.2
>     nameserver 2600:1700:9120:4330::1
>     # NOTE: the libc resolver may not support more than 3 nameservers.
>     # The nameservers listed below may not be recognized.
>     nameserver 2600:1700:9120:4330::49
>
> Sigh. I have to take that dynamic IPv6 assignment. But I want to stop it pushing into my resolv.conf.
Re: ,Re: caching does not seem to be working for internal view
On 8/3/22 11:35, Timothe Litt wrote:
> On 03-Aug-22 10:53, bind-users-requ...@lists.isc.org wrote:
>> # cat resolv.conf
>>
>> My server is 23.123.122.146. That IPv6 addr is my ATT router.
>
> You don't want to do that. The ATT router will not know how to resolve internal names. There is no guarantee that your client resolver will try nameservers in order. If you want a backup, run a second instance of named.
>
> As for the intermittent issues with resolving external names, that's frequently a case of hitting different nameservers. Or a firewall. Get rid of the ATT router first. Then as suggested, a packet trace will show what happens (if it still does - it could be that the ATT router's resolver is at fault).

Thank you for your advice.

my ifcfg-eth0 has:

    DEVICE="eth0"
    BOOTPROTO=none
    ONBOOT="yes"
    TYPE="Ethernet"
    NAME="eth0"
    MACADDR=02:67:15:00:00:02
    MTU=1500
    DNS1=23.123.122.146
    GATEWAY="23.123.122.158"
    IPADDR="23.123.122.146"
    NETMASK="255.255.255.240"
    IPV6INIT="yes"

And I am ASSuMEing that it is that IPV6INIT that is providing that IPv6 addr in resolv.conf.

So I added:

    DNS2=192.168.224.2

And now:

    # cat /etc/resolv.conf
    # Generated by NetworkManager
    search attlocal.net htt-consult.com
    nameserver 23.123.122.146
    nameserver 192.168.224.2
    nameserver 2600:1700:9120:4330::1

ARGH! I want the IPv6 addr from my firewall/gateway. But I don't want that IPv6 nameserver!

So I added the IPv6 address for my server. I had not done this as ATT has said there is no assurance with the IPv6 addresses may change.

So I added:

    DNS3=2600:1700:9120:4330::49

and now:

    # cat /etc/resolv.conf
    # Generated by NetworkManager
    search attlocal.net htt-consult.com
    nameserver 23.123.122.146
    nameserver 192.168.224.2
    nameserver 2600:1700:9120:4330::1
    # NOTE: the libc resolver may not support more than 3 nameservers.
    # The nameservers listed below may not be recognized.
    nameserver 2600:1700:9120:4330::49

Sigh. I have to take that dynamic IPv6 assignment. But I want to stop it pushing into my resolv.conf.