So I used bind9 on a small server with multiple NICs in order to set up a cache-only recursive DNS server for my home network.
Unfortunately it's not working, meaning DNS queries from the hosts connected to the network return empty. Even if I query from within the DNS server I still get empty responses.
It only works when I enable the forwarding option and add Google's DNS servers.
I have done this setup many times in the past, but this time it doesn't want to work and I am not sure why.
Below you may find my configs and some log files.
bind version:
BIND 9.10.3-P4-Debian <id:ebd72b3>
Config file:
options {
directory "/var/cache/bind";
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;
auth-nxdomain no; # conform to RFC1035
listen-on { 127.0.0.1; 192.168.100.1; 192.168.200.1; };
recursion yes;
allow-recursion { trusted; };
allow-query { trusted; };
allow-query-cache { trusted; };
allow-transfer { none; };
# Only works When forwarding is enabled.
#forwarders {
# 8.8.8.8;
# 8.8.4.4;
#};
};
acl "trusted" {
192.168.100.0/24;
192.168.200.0/24;
127.0.0.0/24;
};
logging {
channel bind_log {
file "/var/log/bind/bind.log" versions 3 size 5m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
category default { bind_log; };
category update { bind_log; };
category update-security { bind_log; };
category security { bind_log; };
category queries { bind_log; };
category query-errors { bind_log; };
category lame-servers { bind_log; };
};
enabled zones:
cat named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
zone "labion" {
type master;
file "/etc/bind/zones/db.labion";
};
dns test (within the dns server machine):
dig google.com @127.0.0.1
; <<>> DiG 9.10.3-P4-Debian <<>> google.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 62808
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A
;; Query time: 70 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun May 17 12:08:01 CEST 2020
;; MSG SIZE rcvd: 39
trace test:
dig +trace @127.0.0.1 google.com
; <<>> DiG 9.10.3-P4-Debian <<>> +trace @127.0.0.1 google.com
; (1 server found)
;; global options: +cmd
. 3600000 IN NS L.ROOT-SERVERS.NET.
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS M.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
. 3600000 IN NS I.ROOT-SERVERS.NET.
. 3600000 IN NS K.ROOT-SERVERS.NET.
. 3600000 IN NS H.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
;; Received 239 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms
;; Received 28 bytes from 192.203.230.10#53(E.ROOT-SERVERS.NET) in 1 ms
Log:
17-May-2020 12:08:22.357 lame-servers: info: network unreachable resolving 'nexus.officeapps.live.com/A/IN': 2001:500:2::c#53
17-May-2020 12:08:22.357 lame-servers: info: network unreachable resolving 'nexus.officeapps.live.com/A/IN': 2001:7fe::53#53
17-May-2020 12:08:22.358 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.228.79.201#53
17-May-2020 12:08:22.359 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:84::b#53
17-May-2020 12:08:22.360 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nexus.officeapps.live.com/A/IN': 192.228.79.201#53
17-May-2020 12:08:22.360 lame-servers: info: network unreachable resolving 'nexus.officeapps.live.com/A/IN': 2001:500:84::b#53
17-May-2020 12:08:22.361 lame-servers: info: network unreachable resolving 'nexus.officeapps.live.com/A/IN': 2001:500:2d::d#53
17-May-2020 12:08:22.361 query-errors: debug 1: client 192.168.100.50#53456 (nexus.officeapps.live.com): query failed (SERVFAIL) for nexus.officeapps.live.com/IN/A at ../../../bin/named/query.c:7773
17-May-2020 12:08:23.870 queries: info: client 192.168.100.50#63206 (nv5live.westeurope.cloudapp.azure.com): query: nv5live.westeurope.cloudapp.azure.com IN A + (192.168.100.1)
17-May-2020 12:08:23.871 resolver: debug 1: fetch: nv5live.westeurope.cloudapp.azure.com/A
17-May-2020 12:08:23.871 resolver: debug 1: fetch: ./NS
17-May-2020 12:08:23.875 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 198.41.0.4#53
17-May-2020 12:08:23.875 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 198.41.0.4#53
17-May-2020 12:08:23.878 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.203.230.10#53
17-May-2020 12:08:23.878 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.203.230.10#53
17-May-2020 12:08:23.880 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 193.0.14.129#53
17-May-2020 12:08:23.880 lame-servers: info: network unreachable resolving './NS/IN': 2001:7fd::1#53
17-May-2020 12:08:23.881 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 193.0.14.129#53
17-May-2020 12:08:23.883 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.112.36.4#53
17-May-2020 12:08:23.883 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.112.36.4#53
17-May-2020 12:08:23.885 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.228.79.201#53
17-May-2020 12:08:23.886 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.228.79.201#53
17-May-2020 12:08:23.886 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:84::b#53
17-May-2020 12:08:23.886 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:84::b#53
17-May-2020 12:08:23.888 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 202.12.27.33#53
17-May-2020 12:08:23.889 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 202.12.27.33#53
17-May-2020 12:08:23.889 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:7fd::1#53
17-May-2020 12:08:23.891 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.5.5.241#53
17-May-2020 12:08:23.891 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:2f::f#53
17-May-2020 12:08:23.891 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.5.5.241#53
17-May-2020 12:08:23.892 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:2f::f#53
17-May-2020 12:08:23.893 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.58.128.30#53
17-May-2020 12:08:23.894 lame-servers: info: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
17-May-2020 12:08:23.894 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.58.128.30#53
17-May-2020 12:08:23.894 lame-servers: info: network unreachable resolving './NS/IN': 2001:dc3::35#53
17-May-2020 12:08:23.894 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:503:c27::2:30#53
17-May-2020 12:08:23.895 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:dc3::35#53
17-May-2020 12:08:23.897 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 199.7.83.42#53
17-May-2020 12:08:23.898 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 199.7.83.42#53
17-May-2020 12:08:23.898 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:3::42#53
17-May-2020 12:08:23.899 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 198.97.190.53#53
17-May-2020 12:08:23.899 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:1::53#53
17-May-2020 12:08:23.900 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:3::42#53
17-May-2020 12:08:23.901 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 198.97.190.53#53
17-May-2020 12:08:23.901 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:1::53#53
17-May-2020 12:08:23.902 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.33.4.12#53
17-May-2020 12:08:23.903 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:2::c#53
17-May-2020 12:08:23.904 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.33.4.12#53
17-May-2020 12:08:23.904 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:2::c#53
17-May-2020 12:08:23.905 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.36.148.17#53
17-May-2020 12:08:23.905 lame-servers: info: network unreachable resolving './NS/IN': 2001:7fe::53#53
17-May-2020 12:08:23.907 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.36.148.17#53
17-May-2020 12:08:23.907 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:7fe::53#53
17-May-2020 12:08:23.908 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 199.7.91.13#53
17-May-2020 12:08:23.909 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:2d::d#53
17-May-2020 12:08:23.909 lame-servers: info: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
17-May-2020 12:08:23.910 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 199.7.91.13#53
17-May-2020 12:08:23.910 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:2d::d#53
17-May-2020 12:08:23.910 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:503:ba3e::2:30#53
17-May-2020 12:08:23.911 query-errors: debug 1: client 192.168.100.50#63206 (nv5live.westeurope.cloudapp.azure.com): query failed (SERVFAIL) for nv5live.westeurope.cloudapp.azure.com/IN/A at ../../../bin/named/query.c:7773
17-May-2020 12:08:30.625 queries: info: client 192.168.100.50#63673 (lapitopia.labion): query: lapitopia.labion IN A + (192.168.100.1)
17-May-2020 12:08:30.629 queries: info: client 192.168.100.50#63166 (lapitopia.labion): query: lapitopia.labion IN AAAA + (192.168.100.1)
UPDATE: It seems that I cannot communicate with the root servers, which is something weird. Could this be my new ISP's doing? How can I figure this out?
root@mordor:~# dig +bufsize=1200 +norec NS . @a.root-servers.net
; <<>> DiG 9.10.3-P4-Debian <<>> +bufsize=1200 +norec NS . @a.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1119
;; flags: qr ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;. IN NS
;; Query time: 1 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Sun May 17 15:17:17 CEST 2020
;; MSG SIZE rcvd: 17
root@mordor:~#
However, I was able to directly query one of the root "." servers:
root@mordor:~# host L.ROOT-SERVERS.NET.
l.root-servers.net has address 199.7.83.42
L.ROOT-SERVERS.NET has IPv6 address 2001:500:9f::42
root@mordor:~# dig google.com @199.7.83.42
; <<>> DiG 9.10.3-P4-Debian <<>> google.com @199.7.83.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20382
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 50 IN A 172.217.169.174
;; AUTHORITY SECTION:
google.com. 6520 IN NS ns3.gOoGLE.com.
google.com. 6520 IN NS ns4.gOoGLE.com.
google.com. 6520 IN NS ns1.gOoGLE.com.
google.com. 6520 IN NS ns2.gOoGLE.com.
;; Query time: 17 msec
;; SERVER: 199.7.83.42#53(199.7.83.42)
;; WHEN: Sun May 17 15:26:13 CEST 2020
;; MSG SIZE rcvd: 336
So does this mean bind's root zones are not configured properly?
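One way to check the "is it my ISP?" question raised in the update, as an added diagnostic that is not part of the original post or of BIND: a root server is authoritative-only, so a genuine reply to a non-recursive "NS ." query never has the RA or AD flags set and is not SERVFAIL; the 17-byte `qr ra ad` SERVFAIL reply above is therefore inconsistent with a.root-servers.net having answered. The script builds that query, parses the reply header and lists the inconsistencies; the two sample replies are constructed, and `probe()` assumes outbound UDP/53 is reachable.

```python
import socket
import struct

ROOT_A = "198.41.0.4"  # a.root-servers.net, the server queried in the post

def build_query(qid, name=".", qtype=2):
    """Non-recursive (RD=0) wire-format query; qtype 2 = NS."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".") if p)
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the 12-byte header into the fields this check looks at."""
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "ad": bool(flags & 0x0020),
            "rcode": flags & 0x000F, "ancount": an}

def assess_root_reply(msg, expected_id):
    """List findings inconsistent with a genuine root-server reply (empty = looks genuine)."""
    h, findings = parse_header(msg), []
    if h["id"] != expected_id or not h["qr"]:
        findings.append("id mismatch or not a response")
    if h["ra"]:
        findings.append("RA set: root servers do not offer recursion")
    if h["ad"]:
        findings.append("AD set: only a validating resolver sets this")
    if h["rcode"] != 0:
        findings.append("rcode %d instead of NOERROR" % h["rcode"])
    elif not h["aa"] or h["ancount"] == 0:
        findings.append("non-authoritative or empty answer for '. NS'")
    return findings

def probe(server=ROOT_A, timeout=3.0):
    """Send the query over UDP and assess the reply (needs network access)."""
    qid = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qid), (server, 53))
        data, _ = s.recvfrom(4096)
    return assess_root_reply(data, qid)

# Constructed samples, not captured traffic. INTERCEPTED mirrors the post's
# 17-byte reply: id 1119, flags qr ra ad, SERVFAIL (rcode 2), empty sections.
INTERCEPTED = struct.pack("!HHHHHH", 1119, 0x80A2, 1, 0, 0, 0) + b"\x00\x00\x02\x00\x01"
# GENUINE: flags qr aa, NOERROR, one NS record naming a.root-servers.net.
GENUINE = (struct.pack("!HHHHHH", 1119, 0x8400, 1, 1, 0, 0) + b"\x00\x00\x02\x00\x01"
           + b"\xc0\x0c\x00\x02\x00\x01\x00\x07\xe9\x00\x00\x14"
           + b"\x01a\x0croot-servers\x03net\x00")
```

Running `probe()` against a few different root server addresses from the BIND host and from another network gives a quick comparison; a non-empty finding list from every root address on one network only points at that path rather than at the hints file.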