BIND DNS not returning records.



  • Ok so I'm trying to use BIND for my DNS and it WAS working great but now it's not… When querying a host FQDN I see the following in Wireshark:

    
    1	0.000000	192.168.1.240	192.168.1.1	DNS	79	Standard query 0xb0a3 A FreeNAS.rack.center
    2	0.000565	192.168.1.1	192.168.1.240	DNS	137	Standard query response 0xb0a3 No such name A FreeNAS.rack.center SOA 192.168.1.1
    
    

    Here is my zone file:

    
    $TTL 120M
    ;
    $ORIGIN rack.center.
    
    ;	Database file rack.center.DB for rack.center zone.
    ;	Do not edit this file!!!
    ;	Zone version 2449940602
    ;
    rack.center.	 IN  SOA 192.168.1.1\. 	 zonemaster.rack.center. (
    		2449940602 ; serial
    		1d ; refresh
    		2h ; retry
    		4w ; expire
    		1h ; default_ttl
    		)
    
    ;
    ; Zone Records
    ;
    @ 	 IN NS 	192.168.1.1.
    @ 	 IN A 	192.168.1.1
    pfSense 	 IN A  	192.168.1.1
    Switch 	 IN A  	192.168.99.2
    FreeNAS 	 IN A  	192.168.1.5
    UniFi 	 IN A  	192.168.1.3
    Plex 	 IN A  	192.168.1.6
    Transmission 	 IN A  	192.168.1.7
    Minecraft 	 IN A  	192.168.1.20
    VCSA 	 IN A  	192.168.99.99
    ESXi01 	 IN A  	192.168.99.101
    VROMA 	 IN A  	192.168.99.100
    DC01 	 IN A  	192.168.1.5
    
    ;
    ;custom zone records
    ;
    _ldap._tcp SRV 0 0 389 DC01
    _kerberos._tcp.rack SRV 0 0 88 DC01
    _ldap._tcp.dc._msdcs SRV 0 0 389 DC01
    _kerberos._tcp.dc._msdcs SRV 0 0 88 DC01
    _kerberos._tcp.dc._msdcs SRV 0 0 3268 DC01
    
    

    And the log file of BIND loading:

    
    Jan 2 12:01:59	named	48149	command channel listening on 127.0.0.1#953
    Jan 2 12:01:59	named	48149	setsockopt(28, TCP_FASTOPEN) failed with Protocol not available
    Jan 2 12:01:59	named	48149	socket.c:5695: unexpected error:
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: EMPTY.AS112.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 8.B.D.0.1.0.0.2.IP6.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: B.E.F.IP6.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: A.E.F.IP6.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 9.E.F.IP6.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 8.E.F.IP6.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: D.F.IP6.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 255.255.255.255.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 113.0.203.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 100.51.198.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 2.0.192.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 254.169.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 127.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 0.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 127.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 126.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 125.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 124.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 123.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 122.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 121.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 120.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 119.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 118.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 117.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 116.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 115.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 114.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 113.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 112.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 111.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 110.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 109.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 108.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 107.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 106.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 105.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 104.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 103.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 102.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 101.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 100.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 99.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 98.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 97.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 96.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 95.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 94.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 93.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 92.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 91.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 90.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 89.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 88.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 87.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 86.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 85.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 84.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 83.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 82.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 81.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 80.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 79.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 78.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 77.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 76.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 75.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 74.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 73.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 72.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 71.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 70.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 69.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 68.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 67.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 66.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 65.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 64.100.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 168.192.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 31.172.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 30.172.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 29.172.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 28.172.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 27.172.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 26.172.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 25.172.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 24.172.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 23.172.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 22.172.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 21.172.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 20.172.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 19.172.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 18.172.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 17.172.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 16.172.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	automatic empty zone: view Internal: 10.IN-ADDR.ARPA
    Jan 2 12:01:59	named	48149	set up managed keys zone for view Internal, file '2ea1842b445b0c81.mkeys'
    Jan 2 12:01:59	named	48149	zone 'rack.center' allows unsigned updates from remote hosts, which is insecure
    Jan 2 12:01:59	named	48149	sizing zone task pool based on 2 zones
    Jan 2 12:01:59	named	48149	generating session key for dynamic DNS
    Jan 2 12:01:59	named	48149	setsockopt(27, TCP_FASTOPEN) failed with Protocol not available
    Jan 2 12:01:59	named	48149	socket.c:5695: unexpected error:
    Jan 2 12:01:59	named	48149	listening on IPv4 interface igb1.91, 192.168.91.1#53
    Jan 2 12:01:59	named	48149	setsockopt(26, TCP_FASTOPEN) failed with Protocol not available
    Jan 2 12:01:59	named	48149	socket.c:5695: unexpected error:
    Jan 2 12:01:59	named	48149	listening on IPv4 interface igb1.90, 192.168.90.1#53
    Jan 2 12:01:59	named	48149	setsockopt(25, TCP_FASTOPEN) failed with Protocol not available
    Jan 2 12:01:59	named	48149	socket.c:5695: unexpected error:
    Jan 2 12:01:59	named	48149	listening on IPv4 interface igb1.70, 192.168.70.1#53
    Jan 2 12:01:59	named	48149	setsockopt(24, TCP_FASTOPEN) failed with Protocol not available
    Jan 2 12:01:59	named	48149	socket.c:5695: unexpected error:
    Jan 2 12:01:59	named	48149	listening on IPv4 interface igb1.50, 192.168.50.1#53
    Jan 2 12:01:59	named	48149	setsockopt(23, TCP_FASTOPEN) failed with Protocol not available
    Jan 2 12:01:59	named	48149	socket.c:5695: unexpected error:
    Jan 2 12:01:59	named	48149	listening on IPv4 interface igb1.99, 192.168.99.1#53
    Jan 2 12:01:59	named	48149	setsockopt(22, TCP_FASTOPEN) failed with Protocol not available
    Jan 2 12:01:59	named	48149	socket.c:5695: unexpected error:
    Jan 2 12:01:59	named	48149	listening on IPv4 interface lo0, 127.0.0.1#53
    Jan 2 12:01:59	named	48149	setsockopt(21, TCP_FASTOPEN) failed with Protocol not available
    Jan 2 12:01:59	named	48149	socket.c:5695: unexpected error:
    Jan 2 12:01:59	named	48149	listening on IPv4 interface igb1, 192.168.1.1#53
    Jan 2 12:01:59	named	48149	using default UDP/IPv4 port range: [49152, 65535]
    Jan 2 12:01:59	named	48149	unable to open '/usr/local/etc/namedb/bind.keys' using built-in keys
    Jan 2 12:01:59	named	48149	loading configuration from '/etc/namedb/named.conf'
    Jan 2 12:01:59	named	48149	./config.c: option 'lmdb-mapsize' was not enabled at compile time (ignored)
    Jan 2 12:01:59	named	48149	using up to 4096 sockets
    Jan 2 12:01:59	named	48149	using 1 UDP listener per interface
    Jan 2 12:01:59	named	48149	found 2 CPUs, using 2 worker threads
    Jan 2 12:01:59	named	48149	----------------------------------------------------
    Jan 2 12:01:59	named	48149	available at https://www.isc.org/support
    Jan 2 12:01:59	named	48149	corporation. Support and training for BIND 9 are
    Jan 2 12:01:59	named	48149	Inc. (ISC), a non-profit 501(c)(3) public-benefit
    Jan 2 12:01:59	named	48149	BIND 9 is maintained by Internet Systems Consortium,
    Jan 2 12:01:59	named	48149	----------------------------------------------------
    Jan 2 12:01:59	named	48149	running as: named -4 -c /etc/namedb/named.conf -u bind -t /cf/named/
    Jan 2 12:01:59	named	48149	built with '--localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' '--with-libxml2=/usr/local' '--with-readline=-L/usr/local/lib -ledit' '--with-dlopen=yes' '--sysconfdir=/usr/local/etc/namedb' '--disable-dnstap' '--enable-filter-aaaa' '--disable-fixed-rrset' '--without-geoip' '--without-idn' '--enable-ipv6' '--with-libjson' '--disable-largefile' '--without-lmdb' '--without-python' '--disable-querytrace' '--enable-rpz-nsdname' '--enable-rpz-nsip' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--enable-threads' '--without-gssapi' '--with-openssl=/usr' '--disable-native-pkcs11' '--with-dlz-filesystem=yes' '--without-gost' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd11.0' 'build_alias=amd64-portbld-freebsd11.0' 'CC=cc' 'CFLAGS=-O2 -pipe -fstack-protector -isystem /usr/local/include -fno-strict-aliasing' 'LDFLAGS= -fstack-protector' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-isystem /usr/local/incl
    Jan 2 12:01:59	named	48149	running on FreeBSD amd64 11.1-RELEASE-p6 FreeBSD 11.1-RELEASE-p6 #5 r313908+a5b33c9d1c4(RELENG_2_4): Tue Dec 12 13:20:18 CST 2017 root@buildbot2.netgate.com:/xbuilder/crossbuild-242/pfSense/tmp/obj/xbuilder/crossbuild-242/pfSense/tmp/FreeBSD-src/sys/pfSense
    Jan 2 12:01:59	named	48149	starting BIND 9.11.2 <id:0a2b929>
    

    I can't understand why it won't respond to a query for any of the A records. HELP!



  • @curtisgrice:

    ….
    Jan 2 12:01:59 named 48149 setsockopt(28, TCP_FASTOPEN) failed with Protocol not available
    ......

    You saw the "failed" ?
    So copy "setsockopt(28, TCP_FASTOPEN) failed with Protocol not available" into Google and you will know more.



  • Ok so how do I downgrade to 9.10.4P2? I don't see any documentation on downgrading packages.



  • Can't tell.
    Packages related to OS (FreeBSD) and pfSense use very strict rules.
    All depends what you have right now, etc.



  • I doubt downgrading the BIND package would do any good, cure the problem, not the symptoms.



  • Ok but more to the issue, BIND IS working (just not the way I need). I can see it accepts the query and sends a response, just not the correct one. I feel like this is one of those missing ; kind of issues.


  • Rebel Alliance

    Don't cross post, and dig up threads from a year ago..

    What part in your zone file do you think is correct about this?

    @ IN NS 192.168.1.1.

    So you think it's OK to put in an IP for your NS record?



  • @johnpoz:

    Don't cross post, and dig up threads from a year ago..

    Sorry about that. It seemed related.

    @johnpoz:

    What part in your zone file do you think is correct about this?

    @ IN NS 192.168.1.1.

    So you think it's OK to put in an IP for your NS record?

    What makes you think I know so much about DNS?  ;)


  • Rebel Alliance

    Nothing from that zone file - but that you would be running BIND vs just unbound or the dnsmasq forwarder seems to point to you know something about DNS and need the functionality of BIND ;)

    Fix your zone up and it will work just fine..



  • This may be against best practice but doesn't this just cause a recursive lookup? Why not just drop the name server IP into

    @ 	 IN NS 	ns1.rack.center.
    ...
    ns1 	 IN A  	192.168.1.1
    

    vs

    @ 	 IN NS 	192.168.1.1
    

    I feel like I'm still missing something.


  • Rebel Alliance

    https://www.ietf.org/rfc/rfc1035.txt

    NSDNAME        A <domain-name> which specifies a host which should be authoritative for the specified class and domain.

    How is 192.168.1.1 a domain-name?  I suggest you read the RFC ;)

    Run your zone file through checkconf..

    Yes, your NS record will need an A record for its name pointing to the IP, etc. .. But an IP is not a valid NS record..
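
The mistake this thread converges on, as an added example that is not from any poster or from BIND itself: a small linter that flags NS targets written as IP addresses and in-zone NS targets that lack an address record. It goes one step beyond the thread by applying the same check to the SOA MNAME field, which RFC 1035 also defines as a `<domain-name>`. The function names and the two sample zones are constructed for illustration, and the parser assumes each record sits on one line beginning with an owner name and no TTL field.

```python
import ipaddress

ORIGIN = "rack.center."
# Constructed samples, abridged from the zone file quoted in the thread.
BROKEN = """\
rack.center. IN SOA 192.168.1.1. zonemaster.rack.center. ( 2449940602 1d 2h 4w 1h )
@        IN NS 192.168.1.1.
FreeNAS  IN A  192.168.1.5
"""
FIXED = """\
rack.center. IN SOA ns1.rack.center. zonemaster.rack.center. ( 2449940602 1d 2h 4w 1h )
@        IN NS ns1.rack.center.
ns1      IN A  192.168.1.1
FreeNAS  IN A  192.168.1.5
"""

def is_ip_literal(target):
    """True if a record target is an IP address rather than a domain name."""
    try:
        ipaddress.ip_address(target.rstrip("."))
        return True
    except ValueError:
        return False

def absolute(name, origin):
    """Expand '@' and relative names to a lower-case absolute name."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def lint_zone(text, origin=ORIGIN):
    """Return a list of findings for the NS and SOA targets in a zone."""
    have_addr, targets, findings = set(), [], []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()          # drop comments
        rest = [f for f in fields[1:] if f.upper() != "IN"]
        if len(rest) < 2 or fields[0].startswith("$"):
            continue                                   # directive or fragment
        rtype, rdata = rest[0].upper(), rest[1]
        if rtype in ("A", "AAAA"):
            have_addr.add(absolute(fields[0], origin))
        elif rtype in ("NS", "SOA"):
            targets.append((rtype, rdata))             # NSDNAME or MNAME
    for rtype, target in targets:
        if is_ip_literal(target):
            findings.append(f"{rtype} target {target} is an IP address, not a domain name")
            continue
        name = absolute(target, origin)
        in_zone = name == origin.lower() or name.endswith("." + origin.lower())
        if in_zone and name not in have_addr:          # name server has no address here
            findings.append(f"{rtype} target {name} has no A/AAAA record in this zone")
    return findings
```

`lint_zone(BROKEN)` reports both the SOA and the NS line, while `lint_zone(FIXED)` returns an empty list.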


 
