What happened:
I was setting a forwarder and a bind of my IP in the Corefile configuration.
I was able to use the dig command against my internal zone but not against the external zones.
After a while debugging and checking that I was able to reach the external forwarders using the dig command, I found out that after removing the bind line everything works.
There were no errors in the logs, just the DNS request was "refused" to the external zone.
Finally I found that on the Ubuntu server I was configuring AppArmor was enabled, so the coredns user cannot bind any port under 1024, and that was the reason for the failure.
What you expected to happen:
To drop a clear error in the logs about the issue and about not being able to bind the IP,
and to create an AppArmor profile for the CoreDNS user during installation, or to point to the manual on how to do it.
How to reproduce it (as minimally and precisely as possible):
Install Ubuntu with AppArmor enabled and a basic installation of CoreDNS. Set a basic configuration where you set an external forwarder and bind an IP of your system. Send a request to this IP using dig and you will get refused without further explanation.
Anything else we need to know?:
Environment:
the version of CoreDNS:
root@widns01:/etc/coredns# /usr/bin/coredns -version
CoreDNS-1.11.1
linux/amd64, go1.20.7, ae2bbc2
Corefile:
.:53 {
    bind 172.30.20.5
    forward . 208.67.222.222 208.67.220.220
    log
    hosts {
        reload 0
        fallthrough
    }
    cache
    errors
}
w.test.com:53 {
    file /etc/coredns/w.test.db
    log
    errors
}
logs, if applicable:
OS (e.g: cat /etc/os-release):
root@widns01:/etc/coredns# cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo
Others:
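
If AppArmor is what blocks the bind, as the reporter concluded, the denial is recorded in the kernel audit log rather than in CoreDNS's own log. The following is an added example, not part of the original issue or of CoreDNS: it filters audit lines for AppArmor denials involving a `coredns` process. The sample log lines are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample lines in the kernel audit format AppArmor logs in;
# profile names, PIDs and timestamps are invented for illustration.
SAMPLE_LOG = """\
audit: type=1400 audit(1718000000.101:41): apparmor="STATUS" operation="profile_load" profile="unconfined" name="coredns" pid=801 comm="apparmor_parser"
audit: type=1400 audit(1718000029.512:57): apparmor="DENIED" operation="capable" class="cap" profile="coredns" pid=913 comm="coredns" capability=10 capname="net_bind_service"
audit: type=1400 audit(1718000030.004:58): apparmor="DENIED" operation="open" class="file" profile="cupsd" name="/etc/shadow" pid=640 comm="cupsd" requested_mask="r" denied_mask="r"
audit: type=1400 audit(1718000039.200:63): apparmor="ALLOWED" operation="capable" class="cap" profile="coredns" pid=913 comm="coredns" capability=10 capname="net_bind_service"
"""

# key=value pairs; a value is either double-quoted or a bare token.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fields(line):
    """Return the key=value pairs of one audit line as a dict, quotes removed."""
    return {key: value.strip('"') for key, value in FIELD.findall(line)}


def apparmor_denials(log_text, comm="coredns"):
    """Return the parsed AppArmor DENIED records whose process name is `comm`."""
    denials = []
    for line in log_text.splitlines():
        fields = parse_fields(line)
        # "ALLOWED" (complain mode) and "STATUS" records did not block anything.
        if fields.get("apparmor") == "DENIED" and fields.get("comm") == comm:
            denials.append(fields)
    return denials


def describe(fields):
    """One-line summary: who was denied what, and by which profile."""
    # Capability denials carry capname; file denials carry name.
    target = fields.get("capname") or fields.get("name") or "?"
    return (f'{fields["comm"]} pid={fields["pid"]} profile={fields["profile"]} '
            f'{fields["operation"]} denied: {target}')


if __name__ == "__main__":
    for denial in apparmor_denials(SAMPLE_LOG):
        print(describe(denial))
```

On a live host the same function can be fed the output of `journalctl -k` or, where auditd is installed, the contents of `/var/log/audit/audit.log`.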