Sainik Biswas via bind-users
2021-04-30 12:20:46 UTC
Hi,
I need some help setting up a recursive nameserver for my internal
network using BIND 9. The recursive name server is not resolving any
domains.
I am running the BIND 9 package from the ppa:isc/bind repo.
BIND Version Number: 9.16.15
OS: Ubuntu 18.04 LTS
This is the named.conf.options config file for my caching name server
acl internalnetwork { 192.168.1.0/24; 192.168.58.0/24; };
options {
directory "/var/cache/bind";
dnssec-validation no;
listen-on { 127.0.0.1; 192.168.58.8; };
listen-on-v6 { none; };
recursion yes;
allow-recursion { internalnetwork; };
allow-query { internalnetwork; };
allow-transfer { none; };
};
logging {
channel named { file "named.log" versions 10 size
20M; severity info; print-time iso8601-utc; print-category yes;
print-severity yes;};
channel security { file "security.log" versions 10 size
20M; severity info; print-time iso8601-utc; print-severity yes; };
channel dnssec { file "dnssec.log" versions 10 size
20M; severity info; print-time iso8601-utc; print-severity yes; };
channel resolver { file "resolver.log" versions 10 size
20M; severity info; print-time iso8601-utc; print-severity yes; };
channel query_log { file "query.log" versions 10 size
80M; severity debug; print-time iso8601-utc; print-severity yes; };
channel query-error { file "query-errors.log" versions 10 size
20M; severity info; print-time iso8601-utc; print-severity yes; };
channel lame_servers { file "lame-servers.log" versions 10 size
20M; severity info; print-time iso8601-utc; print-severity yes; };
channel capacity { file "capacity.log" versions 10 size
20M; severity info; print-time iso8601-utc; print-severity yes; };
channel rpz { file "rpz.log" versions 10 size
20M; severity info; print-time iso8601-utc; print-severity yes; };
category default { default_syslog; named; };
category general { default_syslog; named; };
category security { security; };
category queries { query_log; };
category lame-servers { lame_servers;};
category dnssec { dnssec; };
category edns-disabled { default_syslog; };
category config { default_syslog; named; };
category resolver { resolver; };
category edns-disabled { resolver; };
category cname { resolver; };
category serve-stale { resolver; };
category spill { capacity; };
category rate-limit { capacity; };
category database { capacity; };
category client { default_syslog; named; };
category network { default_syslog; named; };
category unmatched { named; };
category client { named; };
category network { named; };
category delegation-only { named;};
category dispatch { named; };
category trust-anchor-telemetry { named; };
category rpz { rpz;};
};
Error Log [lame-servers.log]
2021-04-30T11:53:25.385Z info: FORMERR resolving './NS/IN': 202.12.27.33#53
2021-04-30T11:53:25.389Z info: FORMERR resolving './NS/IN': 193.0.14.129#53
2021-04-30T11:53:25.393Z info: FORMERR resolving './NS/IN': 192.36.148.17#53
2021-04-30T11:53:25.405Z info: FORMERR resolving './NS/IN': 198.97.190.53#53
2021-04-30T11:53:25.409Z info: FORMERR resolving './NS/IN': 192.112.36.4#53
2021-04-30T11:53:25.413Z info: FORMERR resolving './NS/IN': 199.7.91.13#53
2021-04-30T11:53:25.417Z info: FORMERR resolving './NS/IN': 198.41.0.4#53
2021-04-30T11:53:25.421Z info: FORMERR resolving './NS/IN': 192.58.128.30#53
2021-04-30T11:53:25.425Z info: FORMERR resolving './NS/IN': 192.33.4.12#53
2021-04-30T11:53:25.425Z info: FORMERR resolving './NS/IN': 192.5.5.241#53
2021-04-30T11:53:25.429Z info: FORMERR resolving './NS/IN': 199.7.83.42#53
2021-04-30T11:53:25.437Z info: FORMERR resolving './NS/IN':
192.203.230.10#53
2021-04-30T11:53:25.441Z info: FORMERR resolving './NS/IN': 199.9.14.201#53
Error Log [resolver.log]
2021-04-30T11:58:17.784Z notice: DNS format error from 198.41.0.4#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.788Z notice: DNS format error from 193.0.14.129#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.792Z notice: DNS format error from 192.36.148.17#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.796Z notice: DNS format error from 192.33.4.12#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.800Z notice: DNS format error from 192.58.128.30#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.804Z notice: DNS format error from 202.12.27.33#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.808Z notice: DNS format error from 198.97.190.53#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.808Z notice: DNS format error from 199.7.91.13#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.816Z notice: DNS format error from 199.9.14.201#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.816Z info: resolver priming query complete
My ISP most probably uses some kind of transparent DNS proxy. I have come
to that conclusion based on running the test at dnsleaktest.com. It does
not matter which DNS I set in my laptop or desktop, the DNS IP always shows
up as the ISP's DNS [203.171.240.10, 203.171.240.11]. The only way I could
bypass this was by using DNSCrypt Proxy. Is it possible that my ISP is
preventing the root nameservers from resolving correctly which is
preventing my caching nameserver from working correctly? Or maybe I have
incorrectly configured something?
Can anyone help me figure out what exactly is the problem?
Regards,
Sainik
I need some help setting up a recursive nameserver for my internal
network using BIND 9. The recursive name server is not resolving any
domains.
I am running the BIND 9 package from the ppa:isc/bind repo.
BIND Version Number: 9.16.15
OS: Ubuntu 18.04 LTS
This is the named.conf.options config file for my caching name server
acl internalnetwork { 192.168.1.0/24; 192.168.58.0/24; };
options {
directory "/var/cache/bind";
dnssec-validation no;
listen-on { 127.0.0.1; 192.168.58.8; };
listen-on-v6 { none; };
recursion yes;
allow-recursion { internalnetwork; };
allow-query { internalnetwork; };
allow-transfer { none; };
};
logging {
channel named { file "named.log" versions 10 size
20M; severity info; print-time iso8601-utc; print-category yes;
print-severity yes;};
channel security { file "security.log" versions 10 size
20M; severity info; print-time iso8601-utc; print-severity yes; };
channel dnssec { file "dnssec.log" versions 10 size
20M; severity info; print-time iso8601-utc; print-severity yes; };
channel resolver { file "resolver.log" versions 10 size
20M; severity info; print-time iso8601-utc; print-severity yes; };
channel query_log { file "query.log" versions 10 size
80M; severity debug; print-time iso8601-utc; print-severity yes; };
channel query-error { file "query-errors.log" versions 10 size
20M; severity info; print-time iso8601-utc; print-severity yes; };
channel lame_servers { file "lame-servers.log" versions 10 size
20M; severity info; print-time iso8601-utc; print-severity yes; };
channel capacity { file "capacity.log" versions 10 size
20M; severity info; print-time iso8601-utc; print-severity yes; };
channel rpz { file "rpz.log" versions 10 size
20M; severity info; print-time iso8601-utc; print-severity yes; };
category default { default_syslog; named; };
category general { default_syslog; named; };
category security { security; };
category queries { query_log; };
category lame-servers { lame_servers;};
category dnssec { dnssec; };
category edns-disabled { default_syslog; };
category config { default_syslog; named; };
category resolver { resolver; };
category edns-disabled { resolver; };
category cname { resolver; };
category serve-stale { resolver; };
category spill { capacity; };
category rate-limit { capacity; };
category database { capacity; };
category client { default_syslog; named; };
category network { default_syslog; named; };
category unmatched { named; };
category client { named; };
category network { named; };
category delegation-only { named;};
category dispatch { named; };
category trust-anchor-telemetry { named; };
category rpz { rpz;};
};
Error Log [lame-servers.log]
2021-04-30T11:53:25.385Z info: FORMERR resolving './NS/IN': 202.12.27.33#53
2021-04-30T11:53:25.389Z info: FORMERR resolving './NS/IN': 193.0.14.129#53
2021-04-30T11:53:25.393Z info: FORMERR resolving './NS/IN': 192.36.148.17#53
2021-04-30T11:53:25.405Z info: FORMERR resolving './NS/IN': 198.97.190.53#53
2021-04-30T11:53:25.409Z info: FORMERR resolving './NS/IN': 192.112.36.4#53
2021-04-30T11:53:25.413Z info: FORMERR resolving './NS/IN': 199.7.91.13#53
2021-04-30T11:53:25.417Z info: FORMERR resolving './NS/IN': 198.41.0.4#53
2021-04-30T11:53:25.421Z info: FORMERR resolving './NS/IN': 192.58.128.30#53
2021-04-30T11:53:25.425Z info: FORMERR resolving './NS/IN': 192.33.4.12#53
2021-04-30T11:53:25.425Z info: FORMERR resolving './NS/IN': 192.5.5.241#53
2021-04-30T11:53:25.429Z info: FORMERR resolving './NS/IN': 199.7.83.42#53
2021-04-30T11:53:25.437Z info: FORMERR resolving './NS/IN':
192.203.230.10#53
2021-04-30T11:53:25.441Z info: FORMERR resolving './NS/IN': 199.9.14.201#53
Error Log [resolver.log]
2021-04-30T11:58:17.784Z notice: DNS format error from 198.41.0.4#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.788Z notice: DNS format error from 193.0.14.129#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.792Z notice: DNS format error from 192.36.148.17#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.796Z notice: DNS format error from 192.33.4.12#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.800Z notice: DNS format error from 192.58.128.30#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.804Z notice: DNS format error from 202.12.27.33#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.808Z notice: DNS format error from 198.97.190.53#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.808Z notice: DNS format error from 199.7.91.13#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.816Z notice: DNS format error from 199.9.14.201#53
resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.816Z info: resolver priming query complete
My ISP most probably uses some kind of transparent DNS proxy. I have come
to that conclusion based on running the test at dnsleaktest.com. It does
not matter which DNS I set in my laptop or desktop, the DNS IP always shows
up as the ISP's DNS [203.171.240.10, 203.171.240.11]. The only way I could
bypass this was by using DNSCrypt Proxy. Is it possible that my ISP is
preventing the root nameservers from resolving correctly which is
preventing my caching nameserver from working correctly? Or maybe I have
incorrectly configured something?
Can anyone help me figure out what exactly is the problem?
Regards,
Sainik