Author Topic: odd issue with bind?  (Read 148 times)

killmasta93

odd issue with bind?
« on: December 21, 2021, 05:25:50 am »
Hi, I was wondering if someone else has had this issue before.
Recently the server was working fine, but I'm now seeing this error:
Code: [Select]
root@apolo:~# service bind9 status
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2021-12-20 23:13:55 -05; 8min ago
     Docs: man:named(8)
 Main PID: 2774 (named)
    Tasks: 4 (limit: 2279)
   CGroup: /system.slice/bind9.service
           └─2774 /usr/sbin/named -f -u bind -4

Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied

It's when I try to connect to the VPN, for which I use OpenVPN on pfSense, and it does not let me navigate. What's odd is that it was working fine before.

turalyon

Re: odd issue with bind?
« Reply #1 on: December 27, 2021, 03:22:32 pm »
Hi,

I think you need to add the 'allow-query-cache' option in the configuration file 'named.conf.options' from the Bind9 module and allow your network '192.168.60.0'. Below you have a link where the option is explained.

* http://www.zytrax.com/books/dns/ch7/queries.html#allow-query-cache


Hope it helps.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever”.

killmasta93

Re: odd issue with bind?
« Reply #2 on: December 27, 2021, 07:01:46 pm »
Thanks for the reply.
This is the config I currently have.
It's currently trusted.

Code: [Select]
options {
    sortlist {
        192.168.1.0/24;
    };
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you might need to uncomment the query-source
    // directive below.  Previous versions of BIND always asked
    // questions using port 53, but BIND 8.1 and later use an unprivileged
    // port by default.

    //query-source address * port 53;
    //transfer-source * port 53;
    //notify-source * port 53;

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    forward first;
    forwarders {
        8.8.8.8;
    };

    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";

    auth-nxdomain no;    # conform to RFC1035

    allow-query { any; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
    allow-transfer { internal-local-nets; };
};

logging { category lame-servers { null; }; };
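
An added example, not part of the posts above and not Zentyal's or BIND's own code: a small Python script that pulls the clients out of `query (cache) ... denied` messages and checks each one against the networks in an ACL, which is the comparison the `allow-query-cache { trusted; };` line calls for. The contents of `TRUSTED_ACL` are an assumption (the thread never shows how `trusted` is defined), and the last two sample log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# BIND's client log message for a query refused by allow-query-cache.
DENIED_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"query \(cache\) '[^/']+/(?P<qtype>[A-Z0-9]+)/[A-Z]+' denied"
)

# Constructed sample: lines 1-2 are from the thread, lines 3-4 are made up.
SAMPLE_LOG = """\
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:18 apolo named[2774]: client @0x7f29ad10e650 192.168.1.50#51000 (example.org): query (cache) 'example.org/A/IN' denied
Dec 20 23:22:19 apolo named[2774]: zone example.lan/IN: loaded serial 3
"""

# ASSUMPTION: the thread never shows what the 'trusted' ACL contains;
# this list is a placeholder (192.168.1.0/24 is borrowed from the sortlist).
TRUSTED_ACL = ["127.0.0.0/8", "192.168.1.0/24"]


def triage_denials(log_text, acl_cidrs):
    """Group cache denials by client IP and test each client against the ACL."""
    nets = [ipaddress.ip_network(cidr) for cidr in acl_cidrs]
    seen = defaultdict(lambda: {"count": 0, "qtypes": set()})
    for line in log_text.splitlines():
        match = DENIED_RE.search(line)
        if match:
            seen[match["ip"]]["count"] += 1
            seen[match["ip"]]["qtypes"].add(match["qtype"])
    report = {}
    for ip, info in seen.items():
        addr = ipaddress.ip_address(ip)
        report[ip] = {
            "count": info["count"],
            "qtypes": sorted(info["qtypes"]),
            # False: client is outside the ACL, which explains the denial.
            # True: the ACL as listed does not explain it; look elsewhere.
            "in_acl": any(addr in net for net in nets),
        }
    return report


if __name__ == "__main__":
    for ip, row in triage_denials(SAMPLE_LOG, TRUSTED_ACL).items():
        print(ip, row)
```

A client reported with `in_acl` set to `False` is a candidate for adding its specific subnet to the ACL. Listing the subnet keeps recursion and cache access limited to known networks, whereas `any` in `allow-recursion` or `allow-query-cache` lets every host that can reach the server use it as a resolver.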

turalyon

Re: odd issue with bind?
« Reply #3 on: January 03, 2022, 11:12:59 am »
Hi,

Did you try to set 'any' to those 'allow-' options temporarily? Just to check if the messages disappear.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever”.

killmasta93

Re: odd issue with bind?
« Reply #4 on: January 11, 2022, 11:34:42 pm »
Thanks for the reply. It seems that changing the DNS forwarders to my pfSense fixed the issue.