Hi everybody,
For name resolution in my network I use bind-9.16.6 on openSUSE Leap 15.2. That server has two IP addresses configured: one for the server itself, e.g. 192.168.3.150, and a second one for the DNS, e.g. 192.168.3.200.
If I send DNS queries to the IP 192.168.3.150, all queries are answered. Sending queries to the IP 192.168.3.200, some of them are answered, but most of them are not. The DNS client, like nslookup or dig, runs into timeouts.
I have increased my debug level, and what I see is the following:

17-Mar-2021 22:44:06.079 client: debug 3: client @0x7f063000b180 127.0.0.1#55255: UDP request
17-Mar-2021 22:44:06.079 client: debug 5: client @0x7f063000b180 127.0.0.1#55255: using view '_default'
17-Mar-2021 22:44:06.079 security: debug 3: client @0x7f063000b180 127.0.0.1#55255: request is not signed
17-Mar-2021 22:44:06.079 security: debug 3: client @0x7f063000b180 127.0.0.1#55255: recursion available
17-Mar-2021 22:44:06.079 security: debug 3: client @0x7f063000b180 127.0.0.1#55255 (my.host.domain.de): query 'my.host.domain.de/A/IN' approved
17-Mar-2021 22:44:06.079 security: debug 3: client @0x7f0630007440 127.0.0.1#35797 (my.host.domain.de): reset client
17-Mar-2021 22:44:06.079 security: debug 3: client @0x7f063000b180 127.0.0.1#55255 (my.host.domain.de): reset client
My BIND config and examples are attached below.

/etc/named.conf

options {
    directory "/var/lib/named";
    managed-keys-directory "/var/lib/named/dyn/";
    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";
    forwarders { xxx.xxx.xxx.xxx; };
    listen-on port 53 { 127.0.0.1; 192.168.3.150; 192.168.3.200; };
    listen-on-v6 { none; };
    query-source address 192.168.3.200 port *;
    transfer-source 192.168.3.200 port 53;
    allow-query { 127.0.0.1; 192.168.0.0/24; 192.168.1.0/24; 192.168.2.0/24; 192.168.3.0/24; 192.168.4.0/24; };
    notify no;
    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
    allow-transfer { localhost; 192.168.0.170; };
    recursion yes;
};

logging {
    channel default_file {
        file "/var/log/named.log" size 10m;
        severity dynamic;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { default_file; };
};

zone "." in { type hint; file "root.hint"; };
zone "localhost" in { type master; file "localhost.zone"; };
zone "0.0.127.in-addr.arpa" in { type master; file "127.0.0.zone"; };

include "/etc/bind/zones.conf";
It makes no difference which subnet the queries come from. For testing I used a server in the same subnet as my DNS, so there is no firewall or NAT in between.
I also captured the network traffic of the DNS server and client. All I can see is that the server receives the query from the client, but no response is sent by the server.
When I run dig with the +tcp option, all of the queries are answered.
Any idea why named resets the client? Thanks and regards,
Jonathan
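As an added example (not part of Jonathan's post and not BIND or ISC code), here is a small Python probe that turns the dig comparison above into a repeatable measurement: it sends a batch of queries with distinct IDs to one listen address over UDP and then over TCP, matches replies by ID, and reports how many came back, so "some answered, most not" becomes a number per address and per transport. The DNS message is built by hand (no third-party library, no EDNS, like dig +noedns), and the block includes a constructed loopback responder that deliberately drops half of the UDP replies, used only to exercise the probe offline. The addresses 192.168.3.150/192.168.3.200, port 53 and the query name my.host.domain.de come from the post; every function name, the ID range 0x1000+ and the drop rule of the fake responder are assumptions of this example.

```python
import socket
import struct
import sys
import threading

def build_query(name, qid, qtype=1):
    """Minimal DNS query: RD set, one IN question, no EDNS (like dig +noedns)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                     for lbl in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(data):
    """Return (id, qr, rcode, ancount) from a DNS message, or None if too short."""
    if len(data) < 12:
        return None
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    return qid, (flags >> 15) & 1, flags & 0x000F, an

def probe_udp(server, port, name, qid, timeout):
    """One UDP query; header of the matching reply, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server, port))
        try:
            data, _peer = s.recvfrom(4096)
        except socket.timeout:
            return None
    hdr = parse_header(data)
    return hdr if hdr and hdr[0] == qid else None

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf

def probe_tcp(server, port, name, qid, timeout):
    """Same query over TCP with the 2-byte length prefix (RFC 1035 section 4.2.2)."""
    q = build_query(name, qid)
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)
            ln = _recv_exact(s, 2)
            data = _recv_exact(s, struct.unpack("!H", ln)[0]) if ln else None
    except OSError:          # refused, unreachable, or socket.timeout (a subclass)
        return None
    hdr = parse_header(data) if data else None
    return hdr if hdr and hdr[0] == qid else None

def response_rate(server, port, name, count, transport="udp", timeout=2.0):
    """Send `count` queries with distinct IDs; return (answered, count)."""
    probe = probe_udp if transport == "udp" else probe_tcp
    answered = 0
    for i in range(count):
        if probe(server, port, name, (0x1000 + i) & 0xFFFF, timeout) is not None:
            answered += 1
    return answered, count

def start_flaky_udp_responder():
    """Constructed stand-in (not BIND): answers queries with an even ID and
    silently drops the odd ones, to exercise the probe offline on loopback.
    Returns (port, stop_event)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))
    sock.settimeout(0.2)                      # lets the thread poll stop_event
    port, stop = sock.getsockname()[1], threading.Event()

    def serve():
        while not stop.is_set():
            try:
                data, peer = sock.recvfrom(4096)
            except socket.timeout:
                continue
            hdr = parse_header(data)
            if hdr is None or hdr[0] % 2:
                continue                      # drop: the client will time out
            # QR=1 RD=1 RA=1 NOERROR, no answers; echo the question section back
            sock.sendto(struct.pack("!HHHHHH", hdr[0], 0x8180, 1, 0, 0, 0) + data[12:], peer)
        sock.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop

if __name__ == "__main__":
    # usage: probe.py <listen-address> [name] [count], e.g. 192.168.3.200 my.host.domain.de 20
    srv = sys.argv[1]
    qname = sys.argv[2] if len(sys.argv) > 2 else "my.host.domain.de"
    n = int(sys.argv[3]) if len(sys.argv) > 3 else 20
    for transport in ("udp", "tcp"):
        got, total = response_rate(srv, 53, qname, n, transport)
        print(f"{srv} {transport}: {got}/{total} answered")
```

Run it once against 192.168.3.150 and once against 192.168.3.200 from the same test host; a UDP count well below the TCP count on only the second address narrows the problem to UDP replies from that listen address, which is also what a packet capture filtered on `udp and host 192.168.3.200` should show (queries in, no replies out). The probe matches on the transaction ID only, so a reply with a wrong source address would still count as answered; check the capture for that case separately.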
bind-users mailing list
https://lists.isc.org/mailman/listinfo/bind-users