eFA 5 Unbound Validate Error and DNS Resolution Broken

Mindwatering Incorporated

Author: Tripp W Black

Created: 06/06 at 07:57 PM

 

Category:
Linux
Other

Issues:
1. Unbound errors on every lookup:
/var/log/messages displaying:
. . . unbound [2740]: ... validation failure <domain_suffix> MX IN
. . .
. . . unbound [2740]: ... validation failure <domain_suffix> A IN


2. Dig is not resolving domains/servers:
...
<missing Answer section>
...
;; SERVER: 127.0.0.1#53(127.0.0.1)
...



Resolution:
1. Verified /etc/unbound/unbound.conf:
a. Checked service status:
$ sudo systemctl status unbound.service
<verify active/running>

b. Performed syntax check:
$ sudo unbound-checkconf
unbound-checkconf: no errors in /etc/unbound/unbound.conf

c. Checked ports listening on 53:
$ sudo netstat -nltup | grep -E ':53 |unbound|dnsmasq'
<verify all used by <pid>/unbound>


2. Verified NetworkManager config:
$ nmtui
<verified set-up to 127.0.0.1 for DNS, and is only entry>


3. Checked eFa IP Settings:
a. Load eFa configuration menu and verify IP Settings (4):
$ sudo eFa-Configure

--- https://www.efa-project.org ---
--------------------------------------------------------------


You are currently running eFa-5.0.0-11.

Please choose an option:
 
0) Logout from ssh                    10) Apache Settings
1) Shell                              11) Virus Settings
2) Reboot system                      12) System Restore
3) Halt system                        13) Update Now
4) IP Settings                        14) Maintenance Mode
5) Tunables                           15) Let's Encrypt
6) MailWatch Settings                 16) DKIM and DMARC
7) Mail Settings                      17) Webmin
8) Spam Settings                      18) Fail2Ban
9) MariaDB Recovery                   19) Auto-Backup settings
[eFa] : 4


b. Verify the IP Settings page:
...
1) IPV4 METHOD : : manual
2) IPV6 METHOD : disabled : disabled
3) IP : 10.108.102.20 : 10.108.102.20
4) Netmask : 24 : 24
5) Gateway : 10.108.102.1 : 10.108.102.1
6) Use IPv6 DNS : no : no
7) IPv6 IP : -- : --
...
10) DNS Recursion : ENABLED : ENABLED
11) Primary DNS : :
12) Secondary DNS : :
13) Hostname : efa2 : efa2
14) Domain Name : mindwatering.net : mindwatering.net

Note:
- On the IP Settings page, the current value (first column) was empty and not set to manual
- Take the (Y) option/suggestion to set to manual
- Afterwards, choose (e) option to return to menu.

c. Reboot:
Back on the main menu, choose 2) Reboot system option


4. After reboot, verified DNS is working:
$ dig joshua.mindwatering.com
...
;; ANSWER SECTION:
joshua.mindwatering.com. 300 IN A 70...
...
;; SERVER: 127.0.0.1#53(127.0.0.1)
...



_____

Local resolv.conf repair:

- Check if systemd-resolved is using port 53
$ sudo ss -tulpn | grep :53
<if not just unbound, proceed to next step>

- If so, disable its stub listener
$ sudo mkdir -p /etc/systemd/resolved.conf.d
$ sudo tee /etc/systemd/resolved.conf.d/no-stub.conf << 'EOF'
[Resolve]
DNSStubListener=no
EOF

- Restart systemd-resolved
$ sudo systemctl restart systemd-resolved

- Point /etc/resolv.conf to Unbound
$ sudo rm /etc/resolv.conf
$ echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf
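
Added example (not part of the original note): a shell helper that automates the two checks above, which process owns port 53 and whether resolv.conf points only at 127.0.0.1. The function names and the sample ss output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `sudo ss -tulpn` output (PIDs and fds are made up).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=13))
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*         users:(("avahi-daemon",pid=700,fd=12))
tcp   LISTEN 0      256    127.0.0.1:53       0.0.0.0:*         users:(("unbound",pid=2740,fd=5))'

# Read ss output on stdin; print the unique process names bound to port 53.
# Matches the port exactly, so 5353 (mDNS) is not counted. Without root, ss
# omits the process column for other users' sockets; those print "unknown".
port53_owners() {
  awk '$5 ~ /:53$/ {
         if (match($0, /users:\(\("[^"]+"/)) {
           print substr($0, RSTART + 9, RLENGTH - 10)
         } else {
           print "unknown"
         }
       }' | sort -u
}

# Succeed only if the file ($1) has at least one nameserver line and every
# nameserver line is 127.0.0.1 (the local Unbound listener).
resolv_conf_local_only() {
  awk '$1 == "nameserver" { n++; if ($2 != "127.0.0.1") bad++ }
       END { exit !(n >= 1 && bad == 0) }' "$1"
}

# $1 = ss output text, $2 = path to a resolv.conf. Prints a one-line verdict.
dns_path_status() {
  owners=$(printf '%s\n' "$1" | port53_owners | tr '\n' ' ' | sed 's/ $//')
  if [ "$owners" != "unbound" ]; then
    echo "CONFLICT: port 53 held by: ${owners:-nobody}"
  elif ! resolv_conf_local_only "$2"; then
    echo "RESOLV: nameserver is not only 127.0.0.1"
  else
    echo "OK"
  fi
}

# Live use (needs root for process names):
#   dns_path_status "$(sudo ss -tulpn)" /etc/resolv.conf
```

A CONFLICT verdict corresponds to the "disable its stub listener" step; a RESOLV verdict corresponds to the final step that rewrites /etc/resolv.conf.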

