I am running CentOS 7.8. It is a local/closed network consisting of a couple of VMs with a DNS server using dnsmasq on a third VM, all with no access to the internet.
I have disabled libvirtd and the virtual interface, the dnsmasq it implements, etc. We don't use NetworkManager, so it is disabled. We don't use a local firewall.
Here is my dnsmasq VM server configuration:
DEVICE=eth0
ONBOOT=yes
HWADDR=00:50:56:xx:xx:44
TYPE=Ethernet
BOOTPROTO=none
IPADDR=192.168.005.97
NETMASK=255.255.255.0
#DNS1=192.168.005.10
#DNS2=192.168.005.24
DNS1=192.168.005.97
# cat /etc/sysconfig/network
GATEWAY=192.168.005.1
DNS1=192.168.005.97
# cat /etc/resolv.conf
search abc.net
nameserver 192.168.005.97
# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.005.97 mydns.abc.net mydns mydns-adm.abc.net mydns-adm
192.168.005.80 myipa.abc.net myipa myipa-adm.abc.net myipa-adm
192.168.005.81 vm1.abc.net vm1 vm1-adm.abc.net vm1-adm
# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.005.97 netmask 255.255.255.0 broadcast 192.168.005.255
inet6 fe80::250:56ff:fexx:xx44 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:xx:xx:44 txqueuelen 1000 (Ethernet)
RX packets 719 bytes 65867 (64.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 328 bytes 72879 (71.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# netstat -untlp | grep -w 53
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 3666/dnsmasq
tcp6 0 0 :::53 :::* LISTEN 3666/dnsmasq
udp 0 0 0.0.0.0:53 0.0.0.0:* 3666/dnsmasq
udp6 0 0 :::53 :::* 3666/dnsmasq
Here are the results I'm getting:
# nslookup -debug mydns
Server: 192.168.005.97
Address: 192.168.005.97#53
------------
QUESTIONS:
mydns.abc.net, type = A, class = IN
ANSWERS:
-> mydns.abc.net
internet address = 192.168.005.97
ttl = 0
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
Name: mydns.abc.net
Address: 192.168.005.97
------------
QUESTIONS:
mydns.abc.net, type = AAAA, class = IN
ANSWERS:
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
** server can't find mydns.abc.net: REFUSED
When I use the fully qualified domain name, the domain name is repeated.
# nslookup -debug mydns.abc.net
Server: 192.168.005.97
Address: 192.168.005.97#53
------------
QUESTIONS:
mydns.abc.net, type = A, class = IN
ANSWERS:
-> mydns.abc.net
internet address = 192.168.005.97
ttl = 0
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
Name: mydns.abc.net
Address: 192.168.005.97
------------
QUESTIONS:
mydns.abc.net, type = AAAA, class = IN
ANSWERS:
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
** server can't find mydns.abc.net: REFUSED
------------
QUESTIONS:
mydns.abc.net.abc.net, type = AAAA, class = IN
ANSWERS:
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
** server can't find mydns.abc.net.abc.net: REFUSED
# dig mydns
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.3 <<>> mydns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10427
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mydns. IN A
;; ANSWER SECTION:
mydns. 0 IN A 192.168.005.97
;; Query time: 0 msec
;; SERVER: 192.168.005.97#53(192.168.005.97)
;; WHEN: Tue Apr 20 15:36:52 UTC 2021
;; MSG SIZE rcvd: 51
What am I missing here?
According to Red Hat, the nslookup command had a bug that was fixed in RHEL 7.7. The new default behavior for nslookup will now query for both IPv4 and IPv6 records.
Past versions of nslookup only queried for IPv4 records; it is the querying of the IPv6 record that is causing the REFUSED response in my RHEL 7.8 environment.
The proper usage on post-7.6 systems is to pass the -query=A argument to nslookup searches.
e.g.
# nslookup -query=A mydns
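
An added example, not part of the original posts: a small Python parser for `nslookup -debug` output in the format shown in the question, reporting the outcome per query so it is visible that the A lookup is answered and only the AAAA lookup is REFUSED. The sample input is constructed from the output above, and the function name `summarize` is hypothetical.

```python
import re

# Constructed sample: `nslookup -debug mydns` output in the shape shown in the question.
SAMPLE = """\
------------
QUESTIONS:
mydns.abc.net, type = A, class = IN
ANSWERS:
-> mydns.abc.net
internet address = 192.168.005.97
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
QUESTIONS:
mydns.abc.net, type = AAAA, class = IN
ANSWERS:
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
** server can't find mydns.abc.net: REFUSED
"""

QUESTION = re.compile(r"^(\S+), type = (\w+), class = \w+$")
FAILURE = re.compile(r"^\*\* server can't find \S+: (\w+)$")


def summarize(debug_output):
    """Return (name, qtype, status) for each query in `nslookup -debug` output."""
    queries, in_answers = [], False
    for raw in debug_output.splitlines():
        line = raw.strip()
        question, failure = QUESTION.match(line), FAILURE.match(line)
        if question:
            # A new question block starts; assume an empty answer until shown otherwise.
            queries.append([question.group(1), question.group(2), "NO ANSWER"])
        elif line.endswith(":"):
            # Section headers: only "->" records under ANSWERS count as answers.
            in_answers = line == "ANSWERS:"
        elif in_answers and line.startswith("->") and queries:
            queries[-1][2] = "ANSWERED"
        elif failure and queries:
            # nslookup prints the failure after the block of the query it refers to.
            queries[-1][2] = failure.group(1)
    return [tuple(q) for q in queries]


if __name__ == "__main__":
    for name, qtype, status in summarize(SAMPLE):
        print(f"{qtype:5} {name:25} {status}")
```

Piping real output into it (for example `nslookup -debug mydns | python3 script.py` with `sys.stdin.read()` in place of `SAMPLE`) gives the same per-type view on a live system.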