Discussion:
Strange DIG behavior on Windows 10:
Timothy Metzinger
2018-10-23 22:21:32 UTC
Permalink
I have two windows 10 pro boxes, both with Bind 9.12.3 tools installed. On one machine, entering "dig" by itself gives me back the root server list as expected. On the other machine, I get an error that says no name servers could be contacted.

However, if I specify the local name server on that second machine by entering dig @192.168.1.250, I get the root server list.

My logic says that since I can talk to the recursive server, I don't have a firewall issue. Instead, BIND is not finding the list of name servers (by reading the registry)? I tried putting in a resolv.conf file in c:\windows\system32\drivers\etc with contents:

nameserver 192.168.1.250
nameserver 192.168.1.251
nameserver 8.8.8.8

And that made no difference. Running the command prompt as an administrator makes no difference. At this point I'm stumped and welcome any suggestions.

Timothy Metzinger
Kevin Darcy
2018-10-23 22:44:52 UTC
Permalink
To be honest, I don't have a lot of experience running dig on Windows, but
I assume it would use the same resolvers as everything else, in which case
they're either statically defined (typically through Control Panel) or
assigned via DHCP.

One thing to consider, though: on Windows, resolvers tend to be assigned
*per-interface*. It's possible that you have some interface that has
assigned resolvers that you can't reach (due to firewall rules, routing
issues, etc.). The resolvers that get chosen may then be dependent on the
binding order of the interfaces, or other factors. For that matter, you
might be trying to use IPv6 resolvers, even though IPv6 may not be routable
from your LAN. Check out ipconfig /all.


- Kevin

On Tue, Oct 23, 2018 at 6:22 PM Timothy Metzinger <***@outlook.com>
wrote:

>
>
> I have two windows 10 pro boxes, both with Bind 9.12.3 tools installed.
> On one machine, entering “dig” by itself gives me back the root server list
> as expected. On the other machine, I get an error that says no name
> servers could be contacted.
>
>
>
> However, if I specify the local name server on that second machine by
> entering dig @192.168.1.250, I get the root server list.
>
>
>
> My logic says that since I can talk to the recursive server, I don’t have
> a firewall issue. Instead, BIND is not finding the list of name servers
> (by reading the registry)? I tried putting in a resolv.conf file in
> c:\windows\system32\drivers\etc with contents:
>
>
>
> nameserver 192.168.1.250
>
> nameserver 192.168.1.251
>
> nameserver 8.8.8.8
>
>
>
> And that made no difference. Running the command prompt as an
> administrator makes no difference. At this point I’m stumped and welcome
> any suggestions.
>
>
>
> Timothy Metzinger
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-***@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
Timothy Metzinger
2018-10-23 22:47:50 UTC
Permalink
That's a good Avenue to explore I will see if I can find any differences

Tim Metzinger
703.963.3015

________________________________
From: bind-users <bind-users-***@lists.isc.org> on behalf of Kevin Darcy <***@fcagroup.com>
Sent: Tuesday, October 23, 2018 6:44:52 PM
To: bind-***@lists.isc.org
Subject: Re: Strange DIG behavior on Windows 10:

To be honest, I don't have a lot of experience running dig on Windows, but I assume it would use the same resolvers as everything else, in which case they're either statically defined (typically through Control Panel) or assigned via DHCP.

One thing to consider, though: on Windows, resolvers tend to be assigned *per-interface*. It's possible that you have some interface that has assigned resolvers that you can't reach (due to firewall rules, routing issues, etc.). The resolvers that get chosen may then be dependent on the binding order of the interfaces, or other factors. For that matter, you might be trying to use IPv6 resolvers, even though IPv6 may not be routable from your LAN. Check out ipconfig /all.

- Kevin

On Tue, Oct 23, 2018 at 6:22 PM Timothy Metzinger <***@outlook.com<mailto:***@outlook.com>> wrote:

I have two windows 10 pro boxes, both with Bind 9.12.3 tools installed. On one machine, entering “dig” by itself gives me back the root server list as expected. On the other machine, I get an error that says no name servers could be contacted.

However, if I specify the local name server on that second machine by entering dig @192.168.1.250<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2F192.168.1.250&data=02%7C01%7C%7C5791d242f3c348dc778908d639393a76%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636759315284857689&sdata=uBRptuFKaxPxt9W5EBasx0iVcNuzXgBoV6K9s14Y2ZY%3D&reserved=0>, I get the root server list.

My logic says that since I can talk to the recursive server, I don’t have a firewall issue. Instead, BIND is not finding the list of name servers (by reading the registry)? I tried putting in a resolv.conf file in c:\windows\system32\drivers\etc with contents:

nameserver 192.168.1.250
nameserver 192.168.1.251
nameserver 8.8.8.8

And that made no difference. Running the command prompt as an administrator makes no difference. At this point I’m stumped and welcome any suggestions.

Timothy Metzinger

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=02%7C01%7C%7C5791d242f3c348dc778908d639393a76%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636759315284857689&sdata=9aZx%2FciW4M%2FazGOHJn1J47FhjlkJzbG%2BZytRMPTaL%2F8%3D&reserved=0> to unsubscribe from this list

bind-users mailing list
bind-***@lists.isc.org<mailto:bind-***@lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=02%7C01%7C%7C5791d242f3c348dc778908d639393a76%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636759315284857689&sdata=9aZx%2FciW4M%2FazGOHJn1J47FhjlkJzbG%2BZytRMPTaL%2F8%3D&reserved=0>
Grant Taylor via bind-users
2018-10-23 22:54:50 UTC
Permalink
On 10/23/2018 04:21 PM, Timothy Metzinger wrote:
> At this point I’m stumped and welcome any suggestions.

Trust the bits on the wire.

What sort of outgoing DNS queries do you see when you run dig on the
problematic system without specifying the DNS server?

Can you find that server listed anywhere in the output of ifconfig /all?
(I think that's the command, it's been too long.)



--
Grant. . . .
unix || die
Timothy Metzinger
2018-10-24 00:13:16 UTC
Permalink
I see NO outgoing bits on the wire, bolstering my theory that DIG isn't finding name servers in the registry. NSLOOKUP works fine. There's no difference between the working and non working PC in the name servers listed in all the interfaces in ifconfig /all. Registry values for HKLM\system\currentcontrolset\services\tcpip\parameters\dhcpnameserver are identical.

I've deinstalled and reinstalled BIND. This is so weird.

-----Original Message-----
From: bind-users <bind-users-***@lists.isc.org> On Behalf Of Grant Taylor via bind-users
Sent: Tuesday, October 23, 2018 6:55 PM
To: bind-***@lists.isc.org
Subject: Re: Strange DIG behavior on Windows 10:

On 10/23/2018 04:21 PM, Timothy Metzinger wrote:
> At this point I'm stumped and welcome any suggestions.

Trust the bits on the wire.

What sort of outgoing DNS queries do you see when you run dig on the problematic system without specifying the DNS server?

Can you find that server listed anywhere in the output of ifconfig /all?
(I think that's the command, it's been too long.)



--
Grant. . . .
unix || die

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Loading...