query (cache) denied with bind

Discussion in 'Installation/Configuration' started by jeanmich, Oct 23, 2019.

  1. jeanmich

    jeanmich New Member

    Hello,
    I have a CentOS Linux release 7.7.1908 (Core) server with ISPConfig Version: 3.1.15p2, and I followed https://www.howtoforge.com/tutorial...php-pureftpd-postfix-dovecot-and-ispconfig/2/
    But when I configure bind with the named.conf given there:
    Code:
    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    options {
           listen-on port 53 { any; };
           listen-on-v6 port 53 { any; };
           directory       "/var/named";
           dump-file       "/var/named/data/cache_dump.db";
           statistics-file "/var/named/data/named_stats.txt";
           memstatistics-file "/var/named/data/named_mem_stats.txt";
           allow-query     { any; };
           allow-recursion { "none"; };
           recursion no;
    };
    logging {
           channel default_debug {
                   file "data/named.run";
                   severity dynamic;
           };
    };
    zone "." IN {
           type hint;
           file "named.ca";
    };
    include "/etc/named.conf.local";
    I have these errors in systemctl status named:
    Code:
    oct. 23 22:31:55 server.abc.com named[23289]: client @0x7f9ac41d5290 127.0.0.1#56867 (GnrFbL4c.fresh15.spameatingmonkey.net): query (cache) 'GnrFbL4c.fresh15.spameatingmonkey.net/A/IN' denied
    oct. 23 22:31:58 server.abc.com named[23289]: client @0x7f9ac41d5290 127.0.0.1#40784 (1.0.0.127.bip.virusfree.cz): query (cache) '1.0.0.127.bip.virusfree.cz/A/IN' denied
    oct. 23 22:32:02 server.abc.com named[23289]: client @0x7f9ac41d5290 127.0.0.1#43021 (1.0.0.127.bl.blocklist.de): query (cache) '1.0.0.127.bl.blocklist.de/A/IN' denied
    oct. 23 22:32:07 server.abc.com named[23289]: client @0x7f9ac41d5290 127.0.0.1#53438 (1.0.0.127.email.rspamd.com): query (cache) '1.0.0.127.email.rspamd.com/A/IN' denied
    oct. 23 22:32:08 server.abc.com named[23289]: client @0x7f9ac41d5290 127.0.0.1#49621 (1.0.0.127.bl.ipv6.spameatingmonkey.net): query (cache) '1.0.0.127.bl.ipv6.spameatingmonkey.net/A/IN' denied
    oct. 23 22:32:13 server.abc.com named[23289]: client @0x7f9ac41d5290 127.0.0.1#40784 (1.0.0.127.ebl.msbl.org): query (cache) '1.0.0.127.ebl.msbl.org/A/IN' denied
    oct. 23 22:32:15 server.abc.com named[23289]: client @0x7f9ac41d5290 127.0.0.1#53316 (8OGi6uUH.dbl.spamhaus.org): query (cache) '8OGi6uUH.dbl.spamhaus.org/A/IN' denied
    
    Is there any problem with the configuration file in this tutorial?
    I can't download the roundcube installation file from my server because it's blocked by this error; I have to put back the original configuration for it to work properly.
    Thank you for your help.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    No.

    The lines you posted are not related to your problem in any way, these are DNS queries issued by rspamd to RBL lists and they must return denied.

    Please post the exact error that you get on the shell when you try to download roundcube.
     
  3. jeanmich

    jeanmich New Member

    Of course, downloading roundcube was just an example.
    Here is the log about this:
    [root@server tmp]# wget https://github.com/roundcube/roundcubemail/releases/download/1.3.10/roundcubemail-1.3.10-complete.tar.gz
    --2019-10-24 10:03:25-- https://github.com/roundcube/roundcubemail/releases/download/1.3.10/roundcubemail-1.3.10-complete.tar.gz
    Resolving github.com (github.com)... failed: Name or service not known.
    wget: unable to resolve host address 'github.com'

    systemctl status named:
    Code:
    oct. 24 10:04:53 server.abc.com named[1139]: client @0x7f05e40e3930 127.0.0.1#42042 (github.com): query (cache) 'github.com/A/IN' denied
    oct. 24 10:04:53 server.abc.com named[1139]: client @0x7f05e40bce40 127.0.0.1#42042 (github.com): query (cache) 'github.com/AAAA/IN' denied
    oct. 24 10:04:53 server.abc.com named[1139]: client @0x7f05e40d5190 127.0.0.1#42042 (github.com): query (cache) 'github.com/AAAA/IN' denied
    oct. 24 10:04:53 server.abc.com named[1139]: client @0x7f05e40bce40 127.0.0.1#42042 (github.com): query (cache) 'github.com/A/IN' denied
    oct. 24 10:04:53 server.abc.com named[1139]: client @0x7f05e40bce40 127.0.0.1#37085 (github.com.abc.com): query (cache) 'github.com.abc.com/A/IN' denied
    oct. 24 10:04:53 server.abc.com named[1139]: client @0x7f05e40d5190 127.0.0.1#37085 (github.com.abc.com): query (cache) 'github.com.abc.com/AAAA/IN' denied
    oct. 24 10:04:53 server.abc.com named[1139]: client @0x7f05e40bce40 127.0.0.1#37085 (github.com.abc.com): query (cache) 'github.com.abc.com/AAAA/IN' denied
    oct. 24 10:04:53 server.abc.com named[1139]: client @0x7f05e40e3930 127.0.0.1#37085 (github.com.abc.com): query (cache) 'github.com.abc.com/A/IN' denied
    /etc/resolv.conf:
    nameserver 127.0.0.1

    Thank you for your help.
     
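The log above is the key evidence in this thread: every denied query comes from 127.0.0.1, and the second batch (github.com.abc.com) is the libc resolver retrying the failed name with the host's own domain appended. As an added example (not code from the thread, the tutorial or ISPConfig), here is a small Python triage script that splits BIND "query (cache) ... denied" lines by client: a loopback client means this host's own processes are asking a named that will not recurse for them, while denials for remote clients are just an authoritative-only server doing its job. The log format is the one BIND 9 prints above; the sample lines are constructed (the first three mirror the thread, the 203.0.113.7 and 10.0.0.9 clients are invented), and abc.com is assumed to be the search domain the resolver appends.

```python
"""Triage BIND 9 "query (cache) ... denied" lines by who sent the query.

Added example for this thread, not code from the original posts or from
ISPConfig.  The log line format is the one BIND 9 prints (seen above); the
sample below is constructed: the first three lines mirror the thread, the
203.0.113.7 and 10.0.0.9 clients are invented to show remote refusals.
"""
import ipaddress
import re
from collections import Counter

# client [@0xPTR ]IP#PORT (NAME): query (cache) 'QNAME/QTYPE/QCLASS' denied
# The "@0x..." client pointer is optional; older BIND releases omit it.
DENIED_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+) "
    r"\((?P<name>[^)]*)\): query \(cache\) "
    r"'(?P<qname>[^/']+)/(?P<qtype>[A-Z0-9]+)/(?P<qclass>[A-Z]+)' denied"
)

# Constructed sample log (see module docstring).
SAMPLE_LOG = """\
oct. 24 10:04:53 server.abc.com named[1139]: client @0x7f05e40e3930 127.0.0.1#42042 (github.com): query (cache) 'github.com/A/IN' denied
oct. 24 10:04:53 server.abc.com named[1139]: client @0x7f05e40bce40 127.0.0.1#42042 (github.com): query (cache) 'github.com/AAAA/IN' denied
oct. 24 10:04:53 server.abc.com named[1139]: client @0x7f05e40bce40 127.0.0.1#37085 (github.com.abc.com): query (cache) 'github.com.abc.com/A/IN' denied
oct. 24 10:04:55 server.abc.com named[1139]: client @0x7f05e40d5190 203.0.113.7#5353 (example.net): query (cache) 'example.net/A/IN' denied
oct. 24 10:04:56 server.abc.com named[1139]: client @0x7f05e40d5190 10.0.0.9#40784 (1.0.0.127.bl.blocklist.de): query (cache) '1.0.0.127.bl.blocklist.de/A/IN' denied
oct. 24 10:04:57 server.abc.com named[1139]: zone abc.com/IN: loaded serial 2019102401
"""


def parse_denied(lines):
    """Return one dict per denied-query line; other lines are ignored."""
    events = []
    for line in lines:
        m = DENIED_RE.search(line)
        if m:
            events.append({"ip": m["ip"], "qname": m["qname"], "qtype": m["qtype"]})
    return events


def client_kind(ip):
    """'local' for loopback (this host's own processes), else 'remote'."""
    try:
        return "local" if ipaddress.ip_address(ip).is_loopback else "remote"
    except ValueError:
        return "remote"


def search_domain_expansions(events, search_domains):
    """Names that are an already-denied name with a resolv.conf search domain
    appended: the libc resolver retries "github.com" as "github.com.abc.com"
    after the first lookup fails, so these are fallout, not separate faults."""
    seen = {ev["qname"].lower() for ev in events}
    hits = []
    for ev in events:
        q = ev["qname"].lower()
        for domain in search_domains:
            suffix = "." + domain.lower().strip(".")
            if q.endswith(suffix) and q[: -len(suffix)] in seen and q not in hits:
                hits.append(q)
    return hits


def triage(lines, search_domains=()):
    events = parse_denied(lines)
    by_kind = Counter(client_kind(ev["ip"]) for ev in events)
    return {
        "total": len(events),
        "by_kind": by_kind,
        "by_client": Counter(ev["ip"] for ev in events),
        "search_expansions": search_domain_expansions(events, search_domains),
        # Any loopback denial means this host points resolv.conf at a named
        # that will not recurse for it; remote denials alone are the normal
        # behaviour of an authoritative-only server.
        "local_resolver_misconfigured": by_kind["local"] > 0,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG.splitlines(), search_domains=("abc.com",))
    print(f"{report['total']} denied queries: {dict(report['by_kind'])}")
    for ip, n in report["by_client"].most_common():
        print(f"  {ip:<16} {n:>3}  ({client_kind(ip)})")
    if report["search_expansions"]:
        print("search-domain retries:", ", ".join(report["search_expansions"]))
    if report["local_resolver_misconfigured"]:
        print("=> this host's own lookups are refused: enable recursion for "
              "localhost in named.conf or point /etc/resolv.conf elsewhere")
```

To run it against a real server, feed it `journalctl -u named --no-pager` output instead of SAMPLE_LOG; remote-only denials are nothing to fix on an authoritative server, loopback denials are the symptom this thread is about.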
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Change 127.0.0.1 in /etc/resolv.conf to 8.8.8.8
     
  5. jeanmich

    jeanmich New Member

    [root@server tmp]# cat /etc/resolv.conf
    nameserver 8.8.8.8
    #nameserver 127.0.0.1

    Code:
    [root@server tmp]# wget https://github.com/roundcube/roundcubemail/releases/download/1.3.10/roundcubemail-1.3.10-complete.tar.gz
    --2019-10-24 11:36:10--  https://github.com/roundcube/roundcubemail/releases/download/1.3.10/roundcubemail-1.3.10-complete.tar.gz
    Resolving github.com (github.com)... 140.82.118.4
    Connecting to github.com (github.com)|140.82.118.4|:443... connected.
    HTTP request sent, awaiting response... 302 Found
    Location: https://github-production-release-asset-2e65be.s3.amazonaws.com/4224042/f316fe00-c9d8-11e9-831c-eecff6f4bfac?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20191024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20191024T093611Z&X-Amz-Expires=300&X-Amz-Signature=5e93b484c123a65e649896dd46d7c54199c5c5457acbac1e0d63993fe4b3c7b0&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Droundcubemail-1.3.10-complete.tar.gz&response-content-type=application%2Foctet-stream [following]
    --2019-10-24 11:36:11--  https://github-production-release-asset-2e65be.s3.amazonaws.com/4224042/f316fe00-c9d8-11e9-831c-eecff6f4bfac?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20191024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20191024T093611Z&X-Amz-Expires=300&X-Amz-Signature=5e93b484c123a65e649896dd46d7c54199c5c5457acbac1e0d63993fe4b3c7b0&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Droundcubemail-1.3.10-complete.tar.gz&response-content-type=application%2Foctet-stream
    Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.216.137.212
    Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.216.137.212|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 5495189 (5.2M) [application/octet-stream]
    Saving to: 'roundcubemail-1.3.10-complete.tar.gz'
    
    100%[===================================================================================================================================================================================================>] 5,495,189   5.30MB/s   in 1.0s
    
    2019-10-24 11:36:12 (5.30 MB/s) - 'roundcubemail-1.3.10-complete.tar.gz' saved [5495189/5495189]
     
  6. jeanmich

    jeanmich New Member

    Hi.
    No clue?
     
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Can't help there, I've never used that tutorial offhand.

    Your most recent wget command shows that you successfully downloaded roundcube after setting a working dns server in resolv.conf.

    Is there another issue here that I overlooked? You downloaded roundcube, so now you just need to continue with the tutorial, or ??
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    As far as I can see, you downloaded the file successfully now, so what is your new question?
     
  9. jeanmich

    jeanmich New Member

    Downloading roundcube is not the problem. Of course I can download it when I replace named.conf with the original file.
    All I am saying is that when I replace named.conf with the one from the tutorial for CentOS 7.6, it doesn't work. The server cannot resolve domain names.

    Another example: every email received is tagged as spam by rspamd because bind cannot resolve domain names:
    MX_MISSING
    Domain has no resolvable MX

    (3.5) [query refused]
    HFILTER_FROMHOST_NORES_A_OR_MX
    FROM host no resolve to A or MX

    (1.5) [gmx.fr]
    HFILTER_HELO_IP_A
    Helo A IP != hostname IP

    (1) [mout.gmx.net]

    Same mail with original named.conf:
    R_DKIM_ALLOW (-0.2) [gmx.net:s=badeba3b8450]
    R_SPF_ALLOW (-0.2) [+ip4:212.227.17.0/27]
    MIME_GOOD (-0.1) [text/plain]
    MX_GOOD (-0.01) [mx00.emig.gmx.net,mx01.emig.gmx.net]

    And it's exactly same email, same outgoing server to my ispconfig server. Difference is named.conf file.
     
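The rspamd scores above show why pointing /etc/resolv.conf at a public resolver is only a partial fix for a mail server: the tutorial's `recursion no;` plus `allow-recursion { none; };` switches recursion off for everybody, including the host's own rspamd and postfix, and some DNSBL operators rate-limit or refuse lookups that arrive from large public resolvers. As an added example (not from the thread or the howtoforge tutorial), here is the `options` block rewritten so named stays authoritative-only for the rest of the world but still recurses for this host. Everything outside `options` (the logging block, the `zone "."` root-hint stanza and the `include`) is unchanged from the file posted at the top of the thread. It assumes the host's own processes reach named via the loopback addresses (resolv.conf `nameserver 127.0.0.1`) and that `/var/named/named.ca` exists as shipped by the CentOS 7 bind package.

```conf
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Authoritative data (the zones ISPConfig writes into
        // /etc/named.conf.local) stays answerable for everyone.
        allow-query     { any; };

        // Tutorial setting: "recursion no;" + "allow-recursion { none; };"
        // refuses recursion for everybody, which is what logs
        // "client 127.0.0.1#... query (cache) ... denied" for this host's
        // own lookups. Instead keep recursion on but restrict it to the
        // built-in "localhost" ACL (loopback plus this host's own
        // interface addresses), so the server is still not an open resolver.
        recursion yes;
        allow-recursion   { localhost; };
        allow-query-cache { localhost; };
};
```

Check it before and after restarting: `named-checkconf /etc/named.conf` must be silent; on the server `dig @127.0.0.1 github.com A +short` should now return addresses; from any other machine `dig @<server-ip> github.com A` should still come back with `status: REFUSED` while `dig @<server-ip> <your-hosted-zone> SOA` is answered. If the external query is answered instead of refused, the ACL is too wide and the server is an open resolver.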
  10. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  11. Lionheart82

    Lionheart82 Member

    Hello and Happy new year.
    I would like to provide some useful info since I recently faced a similar issue where my CentOS 7 logs were full of such errors (not only the rspamd domain, of course):
    client @0x7f0cd012b730 127.0.0.1#52073 (maps.rspamd.com): query (cache) 'maps.rspamd.com/A/IN' denied
    After searching a lot and following all of the above directions, I can confirm the bind config was the default and the bind server was working correctly.

    I believe i found the solution in this post: https://www.virtualmin.com/node/39340

    After adding in /etc/named.conf
    allow-query-cache { none; };
    additional-from-auth no;
    additional-from-cache no;
    minimal-responses yes;
    Errors are gone.
    Btw, I am not sure if there are any other implications of these configs as I am not a bind expert ;)

    Br,
    Alexandros
     
