Hello, [first, sorry for my English]

I have installed Bind9 on Ubuntu 10.10, just for personal use (no zones, ...). I did not have any problems until now, when I try to use some free VPN services based on PPTP or OpenVPN. After connecting to them (a new network device is created, tun or tap, and the default route changes) my BIND is not able to reach other (root) nameservers, and resolve requests fail. Restarting the BIND service does not help. These VPN services do not offer their own DNS servers and do not change /etc/resolv.conf. If I change my resolv.conf to e.g. the ISP's DNS server, I can then surf the web normally, ... == VPN works OK, routes are OK too. After shutting down the VPN, my BIND works normally again.

In the attachment are the IP routes before and after the VPN comes up, the logs of the VPN itself, and the log of my BIND.

PLEASE HELP me to get my BIND working also when the VPN connection is active. My knowledge of BIND configuration is minimal and I have no idea why all apps can communicate over the new route (over the VPN) while BIND fails and logs: network unreachable. Looking at the BIND log, isn't the problem with IPv6 (which I do not use (or understand))?

Thanks
--kapetr
****************** before VPN
10.6.6.0/24 dev eth0 proto kernel scope link src 10.6.6.10 metric 1
169.254.0.0/16 dev eth0 scope link metric 1000
default via 10.6.6.138 dev eth0 proto static
root@duron650:/etc/bind#

****************** after VPN comes up
root@duron650:/etc/bind# ip route list
173.203.198.31 via 10.6.6.138 dev eth0 proto static
204.232.203.12 via 10.6.6.138 dev eth0 src 10.6.6.10
204.232.203.12 dev ppp0 proto kernel scope link src 192.168.10.41
10.6.6.0/24 dev eth0 proto kernel scope link src 10.6.6.10 metric 1
169.254.0.0/16 dev eth0 scope link metric 1000
default dev ppp0 proto static
root@duron650:/etc/bind#
root@duron650:/etc/bind# ifconfig
eth0      Link encap:Ethernet HWadr 00:11:d8:10:57:6e
          inet adr:10.6.6.10 Všesměr:10.6.6.255 Maska:255.255.255.0
          inet6-adr: fe80::211:d8ff:fe10:576e/64 Rozsah:Linka
          AKTIVOVÁNO VŠESMĚROVÉ_VYSÍLÁNÍ BĚŽÍ MULTICAST MTU:1500 Metrika:1
          RX packets:45850 errors:0 dropped:0 overruns:0 frame:0
          TX packets:47074 errors:0 dropped:0 overruns:0 carrier:0
          kolizí:0 délka odchozí fronty:1000
          Přijato bajtů: 21574817 (21.5 MB) Odesláno bajtů: 10146684 (10.1 MB)
          Přerušení:23 Vstupně/Výstupní port:0xc000

lo        Link encap:Místní smyčka
          inet adr:127.0.0.1 Maska:255.0.0.0
          inet6-adr: ::1/128 Rozsah:Počítač
          AKTIVOVÁNO SMYČKA BĚŽÍ MTU:16436 Metrika:1
          RX packets:10945 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10945 errors:0 dropped:0 overruns:0 carrier:0
          kolizí:0 délka odchozí fronty:0
          Přijato bajtů: 931884 (931.8 KB) Odesláno bajtů: 931884 (931.8 KB)

ppp0      Link encap:Point-to-Point Protokol
          inet adr:192.168.10.41 P-t-P:204.232.203.12 Maska:255.255.255.255
          AKTIVOVÁNO POINTOPOINT BĚŽÍ NEARP MULTICAST MTU:1400 Metrika:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          kolizí:0 délka odchozí fronty:3
          Přijato bajtů: 96 (96.0 B) Odesláno bajtů: 178 (178.0 B)

root@duron650:/etc/bind#
--------------------------------------------------------------------
**************** system log of VPN coming up
Apr 8 18:52:16 duron650 NetworkManager[669]: <info> Starting VPN service 'org.freedesktop.NetworkManager.pptp'...
Apr 8 18:52:16 duron650 NetworkManager[669]: <info> VPN service 'org.freedesktop.NetworkManager.pptp' started (org.freedesktop.NetworkManager.pptp), PID 5718
Apr 8 18:52:16 duron650 NetworkManager[669]: <info> VPN service 'org.freedesktop.NetworkManager.pptp' appeared, activating connections
Apr 8 18:52:16 duron650 NetworkManager[669]: <info> VPN plugin state changed: 1
Apr 8 18:52:16 duron650 NetworkManager[669]: <info> VPN plugin state changed: 3
Apr 8 18:52:16 duron650 NetworkManager[669]: <info> VPN connection 'VPN on Demand' (Connect) reply received.
Apr 8 18:52:16 duron650 pppd[5720]: Plugin /usr/lib/pppd/2.4.5//nm-pptp-pppd-plugin.so loaded.
Apr 8 18:52:17 duron650 pppd[5720]: pppd 2.4.5 started by root, uid 0
Apr 8 18:52:17 duron650 modem-manager: (net/ppp0): could not get port's parent device
Apr 8 18:52:17 duron650 NetworkManager[669]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Apr 8 18:52:17 duron650 NetworkManager[669]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Apr 8 18:52:17 duron650 pppd[5720]: Using interface ppp0
Apr 8 18:52:17 duron650 pppd[5720]: Connect: ppp0 <--> /dev/pts/2
Apr 8 18:52:17 duron650 pptp[5725]: nm-pptp-service-5718 log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Apr 8 18:52:17 duron650 pptp[5738]: nm-pptp-service-5718 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Apr 8 18:52:18 duron650 pptp[5738]: nm-pptp-service-5718 log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Apr 8 18:52:18 duron650 pptp[5738]: nm-pptp-service-5718 log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Apr 8 18:52:18 duron650 pptp[5738]: nm-pptp-service-5718 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Apr 8 18:52:19 duron650 pptp[5738]: nm-pptp-service-5718 log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Apr 8 18:52:19 duron650 pptp[5738]: nm-pptp-service-5718 log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 64640).
Apr 8 18:52:21 duron650 pppd[5720]: CHAP authentication succeeded
Apr 8 18:52:22 duron650 pppd[5720]: MPPE 128-bit stateless compression enabled
Apr 8 18:52:23 duron650 pppd[5720]: Cannot determine ethernet address for proxy ARP
Apr 8 18:52:23 duron650 pppd[5720]: local IP address 192.168.10.41
Apr 8 18:52:23 duron650 pppd[5720]: remote IP address 204.232.203.12
Apr 8 18:52:23 duron650 pppd[5720]: primary DNS address 8.8.8.8
Apr 8 18:52:23 duron650 pppd[5720]: secondary DNS address 8.8.4.4
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> VPN connection 'VPN on Demand' (IP Config Get) reply received.
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> VPN Gateway: 173.203.198.31
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> Tunnel Device: ppp0
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> Internal IP4 Address: 192.168.10.41
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> Internal IP4 Prefix: 32
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> Internal IP4 Point-to-Point Address: 204.232.203.12
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> Maximum Segment Size (MSS): 0
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> Internal IP4 DNS: 8.8.8.8
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> Internal IP4 DNS: 8.8.4.4
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> DNS Domain: '(none)'
Apr 8 18:52:23 duron650 postfix/master[1431]: reload -- version 2.7.1, configuration /etc/postfix
Apr 8 18:52:24 duron650 NetworkManager[669]: <warn> could not commit DNS changes: 'Could not replace /etc/resolv.conf: Operation not permitted#012'
Apr 8 18:52:24 duron650 NetworkManager[669]: <info> VPN connection 'VPN on Demand' (IP Config Get) complete.
Apr 8 18:52:24 duron650 NetworkManager[669]: <warn> could not commit DNS changes: 'Could not replace /etc/resolv.conf: Operation not permitted#012'
Apr 8 18:52:24 duron650 NetworkManager[669]: <info> Policy set 'VPN on Demand' (ppp0) as default for IPv4 routing and DNS.
Apr 8 18:52:24 duron650 NetworkManager[669]: <info> VPN plugin state changed: 4
Apr 8 18:52:24 duron650 nm-dispatcher.action: Script '/etc/NetworkManager/dispatcher.d/01ifupdown' exited with error status 1.
--------- VPN shut down
Apr 8 18:53:19 duron650 pptp[5738]: nm-pptp-service-5718 log[logecho:pptp_ctrl.c:677]: Echo Reply received.
Apr 8 18:54:20 duron650 pptp[5738]: nm-pptp-service-5718 log[logecho:pptp_ctrl.c:677]: Echo Reply received.
Apr 8 18:54:45 duron650 pppd[5720]: Terminating on signal 15
Apr 8 18:54:45 duron650 pppd[5720]: Connect time 2.4 minutes.
Apr 8 18:54:45 duron650 pppd[5720]: Sent 261429 bytes, received 261795 bytes.
Apr 8 18:54:45 duron650 NetworkManager[669]: <warn> could not commit DNS changes: 'Could not replace /etc/resolv.conf: Operation not permitted#012'
Apr 8 18:54:45 duron650 pppd[5720]: MPPE disabled
Apr 8 18:54:45 duron650 pppd[5720]: Child process /usr/sbin/pptp vpn.vpnod.com --nolaunchpppd --loglevel 0 --logstring nm-pptp-service-5718 (pid 5722) terminated with signal 15
Apr 8 18:54:45 duron650 postfix/master[1431]: reload -- version 2.7.1, configuration /etc/postfix
Apr 8 18:54:46 duron650 NetworkManager[669]: <warn> could not commit DNS changes: 'Could not replace /etc/resolv.conf: Operation not permitted#012'
Apr 8 18:54:46 duron650 NetworkManager[669]: <info> Policy set 'Auto eth0' (eth0) as default for IPv4 routing and DNS.
Apr 8 18:54:46 duron650 nm-dispatcher.action: Script '/etc/NetworkManager/dispatcher.d/01ifupdown' exited with error status 1.
Apr 8 18:54:47 duron650 pppd[5720]: Connection terminated.
Apr 8 18:54:47 duron650 avahi-daemon[667]: Withdrawing workstation service for ppp0.
Apr 8 18:54:47 duron650 NetworkManager[669]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Apr 8 18:54:47 duron650 pptp[5725]: nm-pptp-service-5718 warn[decaps_hdlc:pptp_gre.c:204]: short read (-1): Input/output error
Apr 8 18:54:47 duron650 pptp[5725]: nm-pptp-service-5718 warn[decaps_hdlc:pptp_gre.c:216]: pppd may have shutdown, see pppd log
Apr 8 18:54:47 duron650 pptp[5738]: nm-pptp-service-5718 log[callmgr_main:pptp_callmgr.c:234]: Closing connection (unhandled)
Apr 8 18:54:47 duron650 pptp[5738]: nm-pptp-service-5718 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
Apr 8 18:54:47 duron650 pptp[5738]: nm-pptp-service-5718 log[call_callback:pptp_callmgr.c:79]: Closing connection (call state)
^C
hugo@duron650:~$
-------------------------------------------------------------------------------------
************************ Bind9 logs when VPN comes UP
08-Apr-2011 18:52:23.554 general: info: received control channel command 'reconfig'
08-Apr-2011 18:52:23.555 general: info: loading configuration from '/etc/bind/named.conf'
08-Apr-2011 18:52:23.558 general: info: reading built-in trusted keys from file '/etc/bind/bind.keys'
08-Apr-2011 18:52:23.566 general: info: using default UDP/IPv4 port range: [1024, 65535]
08-Apr-2011 18:52:23.567 general: info: using default UDP/IPv6 port range: [1024, 65535]
08-Apr-2011 18:52:23.604 general: info: set up managed keys zone for view _default, file 'managed-keys.bind'
08-Apr-2011 18:52:23.627 general: info: reloading configuration succeeded
08-Apr-2011 18:52:23.628 general: info: any newly configured zones are now loaded
08-Apr-2011 18:54:06.206 lame-servers: info: error (network unreachable) resolving 'www.ibm.cz/A/IN': 2001:628:453:420::48#53
08-Apr-2011 18:54:07.808 lame-servers: info: error (network unreachable) resolving 'www.ibm.cz/A/IN': 2001:678:f::1#53
08-Apr-2011 18:54:07.808 lame-servers: info: error (network unreachable) resolving 'www.ibm.cz/A/IN': 2001:678:11::1#53
08-Apr-2011 18:54:08.611 lame-servers: info: error (network unreachable) resolving 'www.ibm.cz/A/IN': 2001:678:10::1#53
08-Apr-2011 18:54:08.612 lame-servers: info: error (network unreachable) resolving 'www.ibm.cz/A/IN': 2001:678:1::1#53
08-Apr-2011 18:54:14.891 lame-servers: info: error (network unreachable) resolving 'ns.almaden.ibm.com/A/IN': 2001:503:a83e::2:30#53
08-Apr-2011 18:54:14.892 lame-servers: info: error (network unreachable) resolving 'ns.almaden.ibm.com/AAAA/IN': 2001:503:231d::2:30#53
08-Apr-2011 18:54:21.294 lame-servers: info: error (network unreachable) resolving 'ns.almaden.ibm.com/A/IN': 2001:503:231d::2:30#53
08-Apr-2011 18:54:25.289 lame-servers: info: error (network unreachable) resolving 'ns.watson.ibm.com/A/IN': 2001:503:a83e::2:30#53
08-Apr-2011 18:54:25.290 lame-servers: info: error (network unreachable) resolving 'ns.watson.ibm.com/A/IN': 2001:503:231d::2:30#53
08-Apr-2011 18:54:25.336 lame-servers: info: error (network unreachable) resolving 'd.gtld-servers.net/AAAA/IN': 2001:503:a83e::2:30#53
08-Apr-2011 18:54:25.339 lame-servers: info: error (network unreachable) resolving 'ns.almaden.ibm.com/AAAA/IN': 2001:503:a83e::2:30#53
08-Apr-2011 18:54:25.375 lame-servers: info: error (network unreachable) resolving 'ns.watson.ibm.com/AAAA/IN': 2001:503:a83e::2:30#53
08-Apr-2011 18:54:25.379 lame-servers: info: error (network unreachable) resolving 'ns.watson.ibm.com/AAAA/IN': 2001:503:231d::2:30#53
08-Apr-2011 18:54:26.164 lame-servers: info: error (network unreachable) resolving 'j.gtld-servers.net/AAAA/IN': 2001:503:a83e::2:30#53
08-Apr-2011 18:54:26.951 lame-servers: info: error (network unreachable) resolving 'g.gtld-servers.net/AAAA/IN': 2001:503:231 .... etc. ...
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
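
The question at the end of the post, whether the "network unreachable" entries all concern IPv6, can be checked mechanically by grouping the lame-servers errors by the address family of the remote server. This is an added example, not part of the original message; the function names are hypothetical, and the sample reuses entries from the BIND log above plus one constructed IPv4 entry for contrast.

```python
import ipaddress
import re
from collections import Counter

# Entries taken from the BIND log in the post (including its truncated last
# line), plus one constructed IPv4 entry (192.0.2.53, a documentation address).
SAMPLE_LOG = """\
08-Apr-2011 18:52:23.627 general: info: reloading configuration succeeded
08-Apr-2011 18:54:06.206 lame-servers: info: error (network unreachable) resolving 'www.ibm.cz/A/IN': 2001:628:453:420::48#53
08-Apr-2011 18:54:07.808 lame-servers: info: error (network unreachable) resolving 'www.ibm.cz/A/IN': 2001:678:f::1#53
08-Apr-2011 18:54:14.891 lame-servers: info: error (network unreachable) resolving 'ns.almaden.ibm.com/A/IN': 2001:503:a83e::2:30#53
08-Apr-2011 18:54:26.951 lame-servers: info: error (network unreachable) resolving 'g.gtld-servers.net/AAAA/IN': 2001:503:231
08-Apr-2011 18:54:30.000 lame-servers: info: error (connection refused) resolving 'example.test/A/IN': 192.0.2.53#53
"""

LAME_RE = re.compile(
    r"lame-servers: info: error \((?P<reason>[^)]+)\) resolving "
    r"'(?P<query>[^']+)': (?P<server>[0-9A-Fa-f:.]+)#(?P<port>\d+)"
)

def parse_errors(log_text):
    """Yield (reason, query, server_ip) for each complete lame-servers error."""
    for line in log_text.splitlines():
        m = LAME_RE.search(line)
        if not m:
            continue  # non-error line, or entry cut off before '#port'
        try:
            server = ipaddress.ip_address(m.group("server"))
        except ValueError:
            continue  # malformed address
        yield m.group("reason"), m.group("query"), server

def summarize(log_text):
    """Count errors by (reason, IP version of the remote name server)."""
    return Counter((r, f"IPv{s.version}") for r, _, s in parse_errors(log_text))

def unreachable_is_ipv6_only(log_text):
    """True if every 'network unreachable' error targets an IPv6 server."""
    versions = {s.version for r, _, s in parse_errors(log_text)
                if r == "network unreachable"}
    return versions == {6}

if __name__ == "__main__":
    for (reason, family), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:3d}  {family}  {reason}")
    print("unreachable errors IPv6 only:", unreachable_is_ipv6_only(SAMPLE_LOG))
```

A result of IPv6 only means these entries come from attempts to reach IPv6 name servers from a host without an IPv6 route; it does not by itself show whether BIND's IPv4 queries are succeeding.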