Bug#1055632: bind9: needs restarting daily to resolve www.dumbingofage.com
Actually, I can answer that myself:

https://dnsviz.net/d/www.dumbingofage.com/dnssec/

They are not. So what happens is that on initial query, the NS from parents are used to bootstrap and then named caches the child NSs and those are broken.

Not BIND 9’s fault.

Ondrej
--
Ondřej Surý (He/Him)

> On 9. 11. 2023, at 10:54, Ondřej Surý wrote:
>
> Hey,
>
> are the NS sets in parent and child in sync?
>
> Ondrej
> --
> Ondřej Surý (He/Him)
>
>> On 9. 11. 2023, at 10:30, Matthew Vernon wrote:
>>
>> Package: bind9
>> Version: 1:9.18.19-1~deb12u1
>> Severity: normal
>>
>> Hi,
>>
>> This is a weird one, but it's been happening daily for a few days now,
>> so I figured it was worth reporting.
>>
>> For the last few days, if I try and visit
>> https://www.dumbingofage.com/
>>
>> Firefox can't resolve the hostname, similarly on the CLI:
>> matthew@aragorn:~$ host www.dumbingofage.com
>> Host www.dumbingofage.com not found: 2(SERVFAIL)
>>
>> AFAICT the NSs work - I can do both
>> dig @23.226.68.75 www.dumbingofage.com
>> and
>> dig @23.226.68.76 www.dumbingofage.com
>>
>> And get a sensible answer back.
>>
>> If I restart bind9 then I am able to resolve the hostname fine, only for
>> the same problem to recur the following day.
>>
>> So _something_ is getting confused, and I'm pretty sure it's bind :)
>>
>> Regards,
>>
>> Matthew
>>
>> -- System Information:
>> Debian Release: 12.2
>> APT prefers stable-updates
>> APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
>> 'stable')
>> Architecture: amd64 (x86_64)
>>
>> Kernel: Linux 6.1.0-13-amd64 (SMP w/8 CPU threads; PREEMPT)
>> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
>> LANGUAGE=en_GB:en
>> Shell: /bin/sh linked to /usr/bin/dash
>> Init: sysvinit (via /sbin/init)
>> LSM: AppArmor: enabled
>>
>> Versions of packages bind9 depends on:
>> ii  adduser                    3.134
>> ii  bind9-libs                 1:9.18.19-1~deb12u1
>> ii  bind9-utils                1:9.18.19-1~deb12u1
>> ii  debconf [debconf-2.0]      1.5.82
>> ii  dns-root-data              2023010101
>> ii  init-system-helpers        1.65.2
>> ii  iproute2                   6.1.0-3
>> ii  libc6                      2.36-9+deb12u3
>> ii  libcap2                    1:2.66-4
>> ii  libelogind0 [libsystemd0]  246.10-1debian1
>> ii  libfstrm0                  0.6.1-1
>> ii  libjson-c5                 0.16-2
>> ii  liblmdb0                   0.9.24-1
>> ii  libmaxminddb0              1.7.1-1
>> ii  libnghttp2-14              1.52.0-1
>> ii  libprotobuf-c1             1.4.1-1+b1
>> ii  libssl3                    3.0.11-1~deb12u2
>> ii  libuv1                     1.44.2-1
>> ii  libxml2                    2.9.14+dfsg-1.3~deb12u1
>> ii  lsb-base                   11.6
>> ii  netbase                    6.4
>> ii  sysvinit-utils [lsb-base]  3.06-4
>> ii  zlib1g                     1:1.2.13.dfsg-1
>>
>> bind9 recommends no packages.
>>
>> Versions of packages bind9 suggests:
>> pn  bind-doc
>> ii  bind9-dnsutils [dnsutils]  1:9.18.19-1~deb12u1
>> ii  dnsutils                   1:9.18.19-1~deb12u1
>> pn  resolvconf
>> pn  ufw
>>
>> -- Configuration Files:
>> /etc/bind/db.127 changed:
>> ;
>> ; BIND reverse data file for local loopback interface
>> ;
>> $TTL 604800
>> @ IN SOA ns.empire.pick.ucam.org. hostmaster.pick.ucam.org. (
>>         3 ; Serial
>>    604800 ; Refresh
>>     86400 ; Retry
>>   2419200 ; Expire
>>    604800 ) ; Negative Cache TTL
>> ;
>> @ IN NS localhost.
>> 1.0.0 IN PTR localhost.
>>
>> /etc/bind/named.conf changed:
>> // This is the primary configuration file for the BIND DNS server named.
>> //
>> // Please read /usr/share/doc/bind/README.Debian for information on the
>> // structure of BIND configuration files in Debian for BIND versions 8.2.1
>> // and later, *BEFORE* you customize this configuration file.
>> //
>> options {
>>         directory "/var/cache/bind";
>>         check-names master warn;
>>         // If there is a firewall between you and nameservers you want
>>         // to talk to, you might need to uncomment the query-source
>>         // directive below. Previous versions of BIND always asked
>>         // questions using port 53, but BIND 8.1 and later use an unprivileged
>>         // port by default.
>>         // query-source address * port 53;
>>         // If your ISP provided one or more IP addresses for stable
>>         // nameservers, you probably want to use them as forwarders.
>>         // Uncomment the following block, and insert the addresses replacing
>>         // the all-0's placeholder.
>>         //can't use this, since it would break the reverse zones we secondary
>>         //forwarders {
>>         //212.23.8.1; 212.23.8.6;
>>         //};
>> };
>> // reduce log verbosity on issues outside our control
>> logging {
>>         category lame-servers { null; };
>>         //category cname { null; };
>>
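
The parent/child comparison asked about in this thread, as an added example that is not part of the original messages or of BIND: it parses two constructed `dig +norecurse` outputs (the parent zone's referral and the child zone's own answer) and reports NS names that appear on only one side. The zone `shop.example`, the server names and the 192.0.2.53 address are placeholders, not data from the bug report.

```python
import re

# Constructed sample: referral from a parent-zone server (NS in the AUTHORITY section)
PARENT_REFERRAL = """\
;; AUTHORITY SECTION:
shop.example.          172800  IN  NS  ns1.dns-host.example.
shop.example.          172800  IN  NS  ns2.dns-host.example.

;; ADDITIONAL SECTION:
ns1.dns-host.example.  172800  IN  A   192.0.2.53
"""

# Constructed sample: the child zone's own apex NS set (ANSWER section)
CHILD_ANSWER = """\
;; ANSWER SECTION:
shop.example.          86400   IN  NS  NS1.old-host.example.
shop.example.          86400   IN  NS  ns2.old-host.example.
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+NS\s+(\S+)\s*$", re.I)

def ns_set(dig_text, section, zone):
    """Return {ns_target: ttl} for NS records owned by `zone` in one dig section."""
    want, found, active = zone.lower().rstrip("."), {}, False
    for line in dig_text.splitlines():
        if line.startswith(";;"):  # section header switches parsing on or off
            active = line.upper().startswith(f";; {section} SECTION")
            continue
        m = RR.match(line) if active else None
        if m and m.group(1).lower().rstrip(".") == want:
            found[m.group(3).lower().rstrip(".")] = int(m.group(2))
    return found

def compare_delegation(zone, parent_text, child_text):
    """Diff the delegation NS set (parent side) against the apex NS set (child side)."""
    parent = ns_set(parent_text, "AUTHORITY", zone)
    child = ns_set(child_text, "ANSWER", zone)
    return {
        "in_sync": set(parent) == set(child),
        "parent_only": sorted(set(parent) - set(child)),
        "child_only": sorted(set(child) - set(parent)),
        # TTL of the child set, i.e. how long a resolver may keep it cached
        "child_ttl": max(child.values(), default=0),
    }

if __name__ == "__main__":
    print(compare_delegation("shop.example.", PARENT_REFERRAL, CHILD_ANSWER))
```

Names listed under `child_only` are the ones a resolver ends up relying on once it has cached the child's NS set, so each of them has to resolve and answer for the zone.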
Bug#1055632: bind9: needs restarting daily to resolve www.dumbingofage.com
Hey,

are the NS sets in parent and child in sync?

Ondrej
--
Ondřej Surý (He/Him)

> On 9. 11. 2023, at 10:30, Matthew Vernon wrote:
>
> Package: bind9
> Version: 1:9.18.19-1~deb12u1
> Severity: normal
>
> Hi,
>
> This is a weird one, but it's been happening daily for a few days now,
> so I figured it was worth reporting.
>
> For the last few days, if I try and visit
> https://www.dumbingofage.com/
>
> Firefox can't resolve the hostname, similarly on the CLI:
> matthew@aragorn:~$ host www.dumbingofage.com
> Host www.dumbingofage.com not found: 2(SERVFAIL)
>
> AFAICT the NSs work - I can do both
> dig @23.226.68.75 www.dumbingofage.com
> and
> dig @23.226.68.76 www.dumbingofage.com
>
> And get a sensible answer back.
>
> If I restart bind9 then I am able to resolve the hostname fine, only for
> the same problem to recur the following day.
>
> So _something_ is getting confused, and I'm pretty sure it's bind :)
>
> Regards,
>
> Matthew
>
> -- System Information:
> Debian Release: 12.2
> APT prefers stable-updates
> APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
> 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 6.1.0-13-amd64 (SMP w/8 CPU threads; PREEMPT)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
> LANGUAGE=en_GB:en
> Shell: /bin/sh linked to /usr/bin/dash
> Init: sysvinit (via /sbin/init)
> LSM: AppArmor: enabled
>
> Versions of packages bind9 depends on:
> ii  adduser                    3.134
> ii  bind9-libs                 1:9.18.19-1~deb12u1
> ii  bind9-utils                1:9.18.19-1~deb12u1
> ii  debconf [debconf-2.0]      1.5.82
> ii  dns-root-data              2023010101
> ii  init-system-helpers        1.65.2
> ii  iproute2                   6.1.0-3
> ii  libc6                      2.36-9+deb12u3
> ii  libcap2                    1:2.66-4
> ii  libelogind0 [libsystemd0]  246.10-1debian1
> ii  libfstrm0                  0.6.1-1
> ii  libjson-c5                 0.16-2
> ii  liblmdb0                   0.9.24-1
> ii  libmaxminddb0              1.7.1-1
> ii  libnghttp2-14              1.52.0-1
> ii  libprotobuf-c1             1.4.1-1+b1
> ii  libssl3                    3.0.11-1~deb12u2
> ii  libuv1                     1.44.2-1
> ii  libxml2                    2.9.14+dfsg-1.3~deb12u1
> ii  lsb-base                   11.6
> ii  netbase                    6.4
> ii  sysvinit-utils [lsb-base]  3.06-4
> ii  zlib1g                     1:1.2.13.dfsg-1
>
> bind9 recommends no packages.
>
> Versions of packages bind9 suggests:
> pn  bind-doc
> ii  bind9-dnsutils [dnsutils]  1:9.18.19-1~deb12u1
> ii  dnsutils                   1:9.18.19-1~deb12u1
> pn  resolvconf
> pn  ufw
>
> -- Configuration Files:
> /etc/bind/db.127 changed:
> ;
> ; BIND reverse data file for local loopback interface
> ;
> $TTL 604800
> @ IN SOA ns.empire.pick.ucam.org. hostmaster.pick.ucam.org. (
>         3 ; Serial
>    604800 ; Refresh
>     86400 ; Retry
>   2419200 ; Expire
>    604800 ) ; Negative Cache TTL
> ;
> @ IN NS localhost.
> 1.0.0 IN PTR localhost.
>
> /etc/bind/named.conf changed:
> // This is the primary configuration file for the BIND DNS server named.
> //
> // Please read /usr/share/doc/bind/README.Debian for information on the
> // structure of BIND configuration files in Debian for BIND versions 8.2.1
> // and later, *BEFORE* you customize this configuration file.
> //
> options {
>         directory "/var/cache/bind";
>         check-names master warn;
>         // If there is a firewall between you and nameservers you want
>         // to talk to, you might need to uncomment the query-source
>         // directive below. Previous versions of BIND always asked
>         // questions using port 53, but BIND 8.1 and later use an unprivileged
>         // port by default.
>         // query-source address * port 53;
>         // If your ISP provided one or more IP addresses for stable
>         // nameservers, you probably want to use them as forwarders.
>         // Uncomment the following block, and insert the addresses replacing
>         // the all-0's placeholder.
>         //can't use this, since it would break the reverse zones we secondary
>         //forwarders {
>         //212.23.8.1; 212.23.8.6;
>         //};
> };
> // reduce log verbosity on issues outside our control
> logging {
>         category lame-servers { null; };
>         //category cname { null; };
> };
> // prime the server with knowledge of the root servers
> zone "." {
>         type hint;
>         file "/etc/bind/db.root";
> };
> // be authoritative for the localhost forward and reverse zones, and for
> // broadcast zones as per RFC 1912
> zone "localhost" {
>         type master;
>         file "/etc/bind/db.local";
> };
> zone "127.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.127";
> };
> zone "0.in-addr.arpa" {
>         type master;
>
Bug#1055632: bind9: needs restarting daily to resolve www.dumbingofage.com
Package: bind9
Version: 1:9.18.19-1~deb12u1
Severity: normal

Hi,

This is a weird one, but it's been happening daily for a few days now,
so I figured it was worth reporting.

For the last few days, if I try and visit
https://www.dumbingofage.com/

Firefox can't resolve the hostname, similarly on the CLI:
matthew@aragorn:~$ host www.dumbingofage.com
Host www.dumbingofage.com not found: 2(SERVFAIL)

AFAICT the NSs work - I can do both
dig @23.226.68.75 www.dumbingofage.com
and
dig @23.226.68.76 www.dumbingofage.com

And get a sensible answer back.

If I restart bind9 then I am able to resolve the hostname fine, only for
the same problem to recur the following day.

So _something_ is getting confused, and I'm pretty sure it's bind :)

Regards,

Matthew

-- System Information:
Debian Release: 12.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-13-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages bind9 depends on:
ii  adduser                    3.134
ii  bind9-libs                 1:9.18.19-1~deb12u1
ii  bind9-utils                1:9.18.19-1~deb12u1
ii  debconf [debconf-2.0]      1.5.82
ii  dns-root-data              2023010101
ii  init-system-helpers        1.65.2
ii  iproute2                   6.1.0-3
ii  libc6                      2.36-9+deb12u3
ii  libcap2                    1:2.66-4
ii  libelogind0 [libsystemd0]  246.10-1debian1
ii  libfstrm0                  0.6.1-1
ii  libjson-c5                 0.16-2
ii  liblmdb0                   0.9.24-1
ii  libmaxminddb0              1.7.1-1
ii  libnghttp2-14              1.52.0-1
ii  libprotobuf-c1             1.4.1-1+b1
ii  libssl3                    3.0.11-1~deb12u2
ii  libuv1                     1.44.2-1
ii  libxml2                    2.9.14+dfsg-1.3~deb12u1
ii  lsb-base                   11.6
ii  netbase                    6.4
ii  sysvinit-utils [lsb-base]  3.06-4
ii  zlib1g                     1:1.2.13.dfsg-1

bind9 recommends no packages.

Versions of packages bind9 suggests:
pn  bind-doc
ii  bind9-dnsutils [dnsutils]  1:9.18.19-1~deb12u1
ii  dnsutils                   1:9.18.19-1~deb12u1
pn  resolvconf
pn  ufw

-- Configuration Files:
/etc/bind/db.127 changed:
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ns.empire.pick.ucam.org. hostmaster.pick.ucam.org. (
        3 ; Serial
   604800 ; Refresh
    86400 ; Retry
  2419200 ; Expire
   604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
1.0.0 IN PTR localhost.

/etc/bind/named.conf changed:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind/README.Debian for information on the
// structure of BIND configuration files in Debian for BIND versions 8.2.1
// and later, *BEFORE* you customize this configuration file.
//
options {
        directory "/var/cache/bind";
        check-names master warn;
        // If there is a firewall between you and nameservers you want
        // to talk to, you might need to uncomment the query-source
        // directive below. Previous versions of BIND always asked
        // questions using port 53, but BIND 8.1 and later use an unprivileged
        // port by default.
        // query-source address * port 53;
        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
        //can't use this, since it would break the reverse zones we secondary
        //forwarders {
        //212.23.8.1; 212.23.8.6;
        //};
};
// reduce log verbosity on issues outside our control
logging {
        category lame-servers { null; };
        // category cname { null; };
};
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};
// add entries for other zones below here
zone "empire.pick.ucam.org" {
        type master;
        file "/etc/bind/db.empire";
};
zone