Non-recursive DNS not working on new install

Bugs in eFa 4

Post by mph »

I installed a new system running CentOS 7.8.2003, over PXE using build script 20190323.
It rebooted and I logged in and ran through first-time configure.
I selected non-recursive DNS option, entered my 2 x internal DNS IPs (which both showed on summary screen).
The system rebooted again, I logged in but cannot resolve anything:

Code:

[root@efa ~]# ping google.com
ping: google.com: Name or service not known

Contents of /etc/resolv.conf:

Code:

# Generated by NetworkManager
search mydomain.com
nameserver 127.0.0.1
nameserver ::1

I noticed unbound was not running, with these errors:

Code:

May 18 18:15:24 efa3.enspecpower.com unbound-checkconf[1225]: [1589822124] unbound-checkconf[1225:0] error: cannot parse forward . ip address: 'forward-addr:'
May 18 18:15:24 efa3.enspecpower.com unbound-checkconf[1225]: [1589822124] unbound-checkconf[1225:0] fatal error: Could not set forward zones

I checked the config files...
Contents of /etc/unbound/conf.d/forwarders.conf:

Code:

forward-zone:
  name: "."
  forward-addr:
  forward-addr:

Nothing there, so I logged in as admin and chose option 4) IP Settings.
My 2 x DNS servers had disappeared, so I re-entered them, and noticed they now appeared in the forwarders.conf file above.
I started unbound, and it is now running, but I still cannot resolve anything, and I get lots of these errors:

Code:

May 18 21:47:01 efa3 unbound: [12928:2] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
May 18 21:47:01 efa3 unbound: [12928:2] info: validation failure ipv4.efa-project.org. A IN

I re-checked the contents of /etc/resolv.conf, and noticed the nameserver entries have now disappeared:

Code:

# Generated by NetworkManager
search mydomain.com

So I manually edited and put the 2 nameserver lines back in as above.
Still cannot resolve anything, so I re-edited and put my 2 x DNS servers in.

Now I can resolve.

What's going on, and why doesn't this work "out of the box"?
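An added check, not part of the original posts or of eFa's own scripts: it flags the two file states described in the post above (empty forward-addr values in forwarders.conf, and a resolv.conf with no nameserver or one that is not the local unbound). The function names and the simplified parser are assumptions, the sample inputs are copied from the thread, and the trust-anchor failure in the logs is outside what it checks.

```python
import ipaddress

LOOPBACK = {"127.0.0.1", "::1"}  # where the generated resolv.conf in the thread points

def parse_forward_zones(conf_text):
    """Return [(zone_name, [forward-addr values])] from unbound config text.
    Simplified parser: one 'key: value' per line, full-line '#' comments only."""
    zones, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")  # first ':' only, so IPv6 values survive
        key, value = key.strip(), value.strip().strip('"')
        if key.endswith("-zone") or key in ("server", "remote-control"):
            current = {"name": "?", "addrs": []} if key == "forward-zone" else None
            if current is not None:
                zones.append(current)
        elif current is not None and key == "name":
            current["name"] = value
        elif current is not None and key == "forward-addr":
            current["addrs"].append(value)
    return [(z["name"], z["addrs"]) for z in zones]

def check_forwarders(conf_text):
    """List forward-addr values that are not a valid IPv4/IPv6 address."""
    problems = []
    for name, addrs in parse_forward_zones(conf_text):
        for value in addrs:
            host = value.split("#", 1)[0].split("@", 1)[0]  # drop optional #tls-name, @port
            try:
                ipaddress.ip_address(host)
            except ValueError:
                problems.append(f'forward-zone "{name}": bad forward-addr {value!r}')
    return problems

def check_resolv(resolv_text):
    """Flag a resolv.conf with no nameserver, or one that is not loopback."""
    parts = [l.split() for l in resolv_text.splitlines()]
    servers = [p[1] for p in parts if len(p) >= 2 and p[0] == "nameserver"]
    if not servers:
        return ["resolv.conf: no nameserver lines"]
    return [f"resolv.conf: nameserver {s} is not the local unbound" for s in servers if s not in LOOPBACK]

# Sample inputs copied from the thread
BROKEN = 'forward-zone:\n  name: "."\n  forward-addr:\n  forward-addr:\n'
FIXED = 'forward-zone:\n  name: "."\n  forward-addr: 192.168.10.31\n  forward-addr: 192.168.10.32\n'
RESOLV_EMPTY = "# Generated by NetworkManager\nsearch mydomain.com\n"
RESOLV_LOCAL = RESOLV_EMPTY + "nameserver 127.0.0.1\nnameserver ::1\n"

if __name__ == "__main__":
    for label, fwd, res in (("broken", BROKEN, RESOLV_EMPTY), ("healthy", FIXED, RESOLV_LOCAL)):
        print(label, check_forwarders(fwd) + check_resolv(res))
```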

Post by shawniverson »

Hi, which way did you set this up, was it through the web interface or the console?

Looks like a bug to me...

Post by mph »

The console.

Post by mph »

Update: so I installed a new system, but this time configured using the web interface...

This time, unbound starts and the /etc/unbound/conf.d/forwarders.conf file contains my 2 x internal DNS:

Code:

forward-zone:
  name: "."
  forward-addr: 192.168.10.31
  forward-addr: 192.168.10.32

The contents of /etc/resolv.conf contain my domain and localhost:

Code:

# Generated by NetworkManager
search enspecpower.com
nameserver 127.0.0.1
nameserver ::1

However, I still cannot resolve:

Code:

[root@efa1 ~]# ping google.com
ping: google.com: Name or service not known

which means setup cannot continue...

Code:

May 19 11:42:02 efa1 root: eFa Post Init: No Internet access detected over IPV4!  Please fix me to finish initializing eFa.  Retrying in 1 minute...

and I still get DNS errors:

Code:

May 19 11:40:14 efa1 unbound: [1292:3] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
May 19 11:41:01 efa1 unbound: [1292:2] info: validation failure ipv4.efa-project.org. A IN

If I manually edit /etc/resolv.conf and put my internal DNS in there, I can now resolve and setup continues...

So... why do we need to use unbound when configuring non-recursive DNS?

Post by shawniverson »

Unbound does the DNS caching locally, even when forwarding. This enhances lookup performance. We need to see why unbound isn't working in your setup. I also need to address the bug in your first attempt...

Post by shawniverson »

Issues fixed and will be uploaded later today for new builds. Thank you for the feedback.