Non-recursive DNS not working on new install
Posted: 18 May 2020 20:05
I installed a new system running CentOS 7.8.2003, over PXE using build script 20190323.
It rebooted and I logged in and ran through first-time configure.
I selected non-recursive DNS option, entered my 2 x internal DNS IPs (which both showed on summary screen).
The system rebooted again, I logged in but cannot resolve anything:

[root@efa ~]# ping google.com
ping: google.com: Name or service not known

Contents of /etc/resolv.conf:

# Generated by NetworkManager
search mydomain.com
nameserver 127.0.0.1
nameserver ::1

I noticed unbound was not running, with these errors:

May 18 18:15:24 efa3.enspecpower.com unbound-checkconf[1225]: [1589822124] unbound-checkconf[1225:0] error: cannot parse forward . ip address: 'forward-addr:'
May 18 18:15:24 efa3.enspecpower.com unbound-checkconf[1225]: [1589822124] unbound-checkconf[1225:0] fatal error: Could not set forward zones

I checked the config files...
Contents of /etc/unbound/conf.d/forwarders.conf

forward-zone:
name: "."
forward-addr:
forward-addr:

Nothing there, so I logged in as admin and chose option 4) IP Settings
My 2 x DNS servers had disappeared, so I re-entered them, and noticed they now appeared in the forwarders.conf file above.
I started unbound, and it is now running, but I still cannot resolve anything, and I get lots of these errors:

May 18 21:47:01 efa3 unbound: [12928:2] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
May 18 21:47:01 efa3 unbound: [12928:2] info: validation failure ipv4.efa-project.org. A IN

I re-checked the contents of /etc/resolv.conf, and noticed the nameserver entries have now disappeared:

# Generated by NetworkManager
search mydomain.com

So I manually edited and put the 2 nameserver lines back in as above.
Still cannot resolve anything, so I re-edited and put my 2 x DNS servers in.
Now I can resolve.
What's going on? and why doesn't this work "out of the box"?
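
Added example, not part of the original post: a Python check for the two file states shown above, a forward-addr line with no address (which makes unbound-checkconf fail) and a resolv.conf that lists only loopback resolvers or no nameserver at all. The function names and the 192.0.2.x addresses in FIXED are assumptions made for illustration.

```python
import ipaddress

LOOPBACK = {"127.0.0.1", "::1"}

# Sample inputs: BROKEN and the resolv.conf texts mirror the post; FIXED is constructed.
BROKEN = 'forward-zone:\nname: "."\nforward-addr:\nforward-addr:\n'
FIXED = 'forward-zone:\nname: "."\nforward-addr: 192.0.2.10\nforward-addr: 192.0.2.11@53\n'
RESOLV_LOOPBACK = ("# Generated by NetworkManager\nsearch mydomain.com\n"
                   "nameserver 127.0.0.1\nnameserver ::1\n")
RESOLV_EMPTY = "# Generated by NetworkManager\nsearch mydomain.com\n"

def check_forwarders(conf_text):
    """Return (line_number, message) for each forward-addr that holds no usable IP."""
    problems = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        key, sep, value = raw.strip().partition(":")
        if not sep or key.strip() != "forward-addr":
            continue
        tokens = value.split()
        token = tokens[0].strip('"') if tokens else ""
        if not token or token.startswith("#"):      # nothing, or only a comment
            problems.append((n, "forward-addr has no address"))
            continue
        host = token.split("#", 1)[0].split("@", 1)[0]  # drop #tls-name and @port
        try:
            ipaddress.ip_address(host)
        except ValueError:
            problems.append((n, f"forward-addr {host!r} is not an IP address"))
    return problems

def resolv_nameservers(resolv_text):
    """Return the addresses on the nameserver lines of a resolv.conf."""
    return [p[1] for p in (l.split() for l in resolv_text.splitlines())
            if len(p) >= 2 and p[0] == "nameserver"]

def diagnose(forwarders_text, resolv_text):
    """Combine both checks into a list of human-readable findings."""
    findings = [f"forwarders.conf line {n}: {msg}"
                for n, msg in check_forwarders(forwarders_text)]
    servers = resolv_nameservers(resolv_text)
    if not servers:
        findings.append("resolv.conf: no nameserver lines")
    elif findings and set(servers) <= LOOPBACK:
        findings.append("resolv.conf: only loopback resolvers while the forwarders are invalid")
    return findings

if __name__ == "__main__":
    for finding in diagnose(BROKEN, RESOLV_LOOPBACK):
        print(finding)
```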