Hi, I need some help setting up a recursive nameserver for my internal network using BIND 9. The recursive name server is not resolving any domains.
I am running the BIND 9 package from the ppa:isc/bind repo.

BIND Version Number: 9.16.15
OS: Ubuntu 18.04 LTS

This is the named.conf.options config file for my caching name server:

acl internalnetwork {
    192.168.1.0/24;
    192.168.58.0/24;
};

options {
    directory "/var/cache/bind";
    dnssec-validation no;
    listen-on { 127.0.0.1; 192.168.58.8; };
    listen-on-v6 { none; };
    recursion yes;
    allow-recursion { internalnetwork; };
    allow-query { internalnetwork; };
    allow-transfer { none; };
};

logging {
    channel named {
        file "named.log" versions 10 size 20M;
        severity info;
        print-time iso8601-utc;
        print-category yes;
        print-severity yes;
    };
    channel security {
        file "security.log" versions 10 size 20M;
        severity info;
        print-time iso8601-utc;
        print-severity yes;
    };
    channel dnssec {
        file "dnssec.log" versions 10 size 20M;
        severity info;
        print-time iso8601-utc;
        print-severity yes;
    };
    channel resolver {
        file "resolver.log" versions 10 size 20M;
        severity info;
        print-time iso8601-utc;
        print-severity yes;
    };
    channel query_log {
        file "query.log" versions 10 size 80M;
        severity debug;
        print-time iso8601-utc;
        print-severity yes;
    };
    channel query-error {
        file "query-errors.log" versions 10 size 20M;
        severity info;
        print-time iso8601-utc;
        print-severity yes;
    };
    channel lame_servers {
        file "lame-servers.log" versions 10 size 20M;
        severity info;
        print-time iso8601-utc;
        print-severity yes;
    };
    channel capacity {
        file "capacity.log" versions 10 size 20M;
        severity info;
        print-time iso8601-utc;
        print-severity yes;
    };
    channel rpz {
        file "rpz.log" versions 10 size 20M;
        severity info;
        print-time iso8601-utc;
        print-severity yes;
    };

    category default { default_syslog; named; };
    category general { default_syslog; named; };
    category security { security; };
    category queries { query_log; };
    category lame-servers { lame_servers; };
    category dnssec { dnssec; };
    category edns-disabled { default_syslog; };
    category config { default_syslog; named; };
    category resolver { resolver; };
    category edns-disabled { resolver; };
    category cname { resolver; };
    category serve-stale { resolver; };
    category spill { capacity; };
    category rate-limit { capacity; };
    category database { capacity; };
    category client { default_syslog; named; };
    category network { default_syslog; named; };
    category unmatched { named; };
    category client { named; };
    category network { named; };
    category delegation-only { named; };
    category dispatch { named; };
    category trust-anchor-telemetry { named; };
    category rpz { rpz; };
};

Error Log [lame-servers.log]

2021-04-30T11:53:25.385Z info: FORMERR resolving './NS/IN': 202.12.27.33#53
2021-04-30T11:53:25.389Z info: FORMERR resolving './NS/IN': 193.0.14.129#53
2021-04-30T11:53:25.393Z info: FORMERR resolving './NS/IN': 192.36.148.17#53
2021-04-30T11:53:25.405Z info: FORMERR resolving './NS/IN': 198.97.190.53#53
2021-04-30T11:53:25.409Z info: FORMERR resolving './NS/IN': 192.112.36.4#53
2021-04-30T11:53:25.413Z info: FORMERR resolving './NS/IN': 199.7.91.13#53
2021-04-30T11:53:25.417Z info: FORMERR resolving './NS/IN': 198.41.0.4#53
2021-04-30T11:53:25.421Z info: FORMERR resolving './NS/IN': 192.58.128.30#53
2021-04-30T11:53:25.425Z info: FORMERR resolving './NS/IN': 192.33.4.12#53
2021-04-30T11:53:25.425Z info: FORMERR resolving './NS/IN': 192.5.5.241#53
2021-04-30T11:53:25.429Z info: FORMERR resolving './NS/IN': 199.7.83.42#53
2021-04-30T11:53:25.437Z info: FORMERR resolving './NS/IN': 192.203.230.10#53
2021-04-30T11:53:25.441Z info: FORMERR resolving './NS/IN': 199.9.14.201#53

Error Log [resolver.log]

2021-04-30T11:58:17.784Z notice: DNS format error from 198.41.0.4#53 resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.788Z notice: DNS format error from 193.0.14.129#53 resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.792Z notice: DNS format error from 192.36.148.17#53 resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.796Z notice: DNS format error from 192.33.4.12#53 resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.800Z notice: DNS format error from 192.58.128.30#53 resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.804Z notice: DNS format error from 202.12.27.33#53 resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.808Z notice: DNS format error from 198.97.190.53#53 resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.808Z notice: DNS format error from 199.7.91.13#53 resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.816Z notice: DNS format error from 199.9.14.201#53 resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.816Z info: resolver priming query complete

My ISP most probably uses some kind of transparent DNS proxy. I have come to that conclusion based on running the test at dnsleaktest.com. It does not matter which DNS I set in my laptop or desktop, the DNS IP always shows up as the ISP's DNS [203.171.240.10, 203.171.240.11]. The only way I could bypass this was by using DNSCrypt Proxy.

Is it possible that my ISP is preventing the root nameservers from resolving correctly which is preventing my caching nameserver from working correctly? Or maybe I have incorrectly configured something?

Can anyone help me figure out what exactly is the problem?

Regards,
Sainik
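
Added example (not part of the original post): a small Python check that groups the failures in lame-servers.log and resolver.log by query and reason and lists which upstream addresses produced each one, so it is easy to see whether one server or every server is failing the same way. The function names and the `min_servers` threshold are hypothetical, and treating a failure shared by several independent upstreams as a sign of something on the network path is a heuristic assumption, not a BIND feature.

```python
import re
from collections import defaultdict

# Lines copied from the lame-servers.log and resolver.log excerpts in the post.
SAMPLE_LOG = """\
2021-04-30T11:53:25.385Z info: FORMERR resolving './NS/IN': 202.12.27.33#53
2021-04-30T11:53:25.389Z info: FORMERR resolving './NS/IN': 193.0.14.129#53
2021-04-30T11:53:25.393Z info: FORMERR resolving './NS/IN': 192.36.148.17#53
2021-04-30T11:58:17.784Z notice: DNS format error from 198.41.0.4#53 resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.788Z notice: DNS format error from 193.0.14.129#53 resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.792Z notice: DNS format error from 192.36.148.17#53 resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.796Z notice: DNS format error from 192.33.4.12#53 resolving ./NS for <unknown>: non-improving referral
2021-04-30T11:58:17.816Z info: resolver priming query complete
"""

# lame-servers.log: "<ts> info: FORMERR resolving './NS/IN': <ip>#<port>"
LAME_RE = re.compile(
    r"^\S+ \w+: (?P<reason>[A-Z]+) resolving '(?P<q>[^']+)': (?P<ip>[\d.]+)#\d+$")
# resolver.log: "<ts> notice: DNS format error from <ip>#<port> resolving <q> for <client>: <reason>"
RESOLVER_RE = re.compile(
    r"^\S+ \w+: DNS format error from (?P<ip>[\d.]+)#\d+ "
    r"resolving (?P<q>\S+) for \S+: (?P<reason>.+)$")


def servers_by_failure(text):
    """Map (query, reason) -> set of upstream addresses that produced it."""
    groups = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        m = LAME_RE.match(line) or RESOLVER_RE.match(line)
        if m:  # lines such as "resolver priming query complete" are skipped
            groups[(m["q"], m["reason"])].add(m["ip"])
    return dict(groups)


def looks_path_level(groups, min_servers=3):
    """Heuristic (assumption): one failure reported for several independent
    upstreams points at the path to them rather than at any single server."""
    return any(len(ips) >= min_servers for ips in groups.values())


if __name__ == "__main__":
    groups = servers_by_failure(SAMPLE_LOG)
    for (query, reason), ips in sorted(groups.items()):
        print(f"{query:8} {reason:24} {len(ips)} upstreams: {', '.join(sorted(ips))}")
    print("same failure across independent upstreams:", looks_path_level(groups))
```

Pass the contents of the real log files to `servers_by_failure` in place of `SAMPLE_LOG` to run it over the full logs.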