Hello,
I use a Raspberry Pi as a BIND and DHCP server.
A strange thing happens to me …
On the clients, resolv.conf looks like this:
# Generated by NetworkManager
search flab
nameserver 192.168.1.100
nameserver 8.8.8.8
The network has a machine called ipazia, IP 192.168.1.3.
Command: nslookup ipazia
;; Got recursion not available from 192.168.1.100, trying next server
;; Got recursion not available from 192.168.1.100, trying next server
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can’t find ipazia: NXDOMAIN
Command: nslookup ipazia 192.168.1.100
Server: 192.168.1.100
Address: 192.168.1.100#53
Name: ipazia.flab
Address: 192.168.1.3
That is, it works if I specify the server to query. The query also works if resolv.conf is changed as follows:
# Generated by NetworkManager
search flab
nameserver 192.168.1.100
# deleted nameserver 8.8.8.8
but in this case servers outside the subnet are not recognized. I made various tests … without finding a solution.
Following named.conf.options:
acl goodclients {
192.168.1.0/24;
localhost;
localnets;
};
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
//};
// forwarders {
// 8.8.8.8;
// 8.8.4.4;
//};
forwarders {
8.8.4.4;
};
// forward only;
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
// dnssec-enable yes;
// dnssec-validation yes;
listen-on-v6 {any; };
//MARCO
recursion yes;
allow-query {goodclients; };
allow-recursion {goodclients; };
allow-transfer {goodclients; };
allow-query {any; };
allow-recursion {any; };
allow-transfer {any; };
allow-query-cache {any; };
notify yes;
allow-recursion {127.0.0.1; 192.168.1.0/24; };
#querylog yes;
auth-nxdomain no;
listen-on {any; }
};
Dig gives me the following answers:
Command: dig ipazia
; <<>> DiG 9.16.6 <<>> ipazia
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 13439
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 6f54b031555c3e42010000005f9aaeae29abdb401bc977b8 (good)
;; QUESTION SECTION:
;ipazia. IN A
;; Query time: 3 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Oct 29 12:59:42 CET 2020
;; MSG SIZE rcvd: 63
Command: dig @192.168.1.100 ipazia
; <<>> DiG 9.16.6 <<>> @192.168.1.100 ipazia
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 55099
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 6d3ed396d7e62a5f010000005f9aaed458609fe61b6fc588 (good)
;; QUESTION SECTION:
;ipazia. IN A
;; Query time: 0 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Oct 29 13:00:20 CET 2020
;; MSG SIZE rcvd: 63
Tips?
Thank you
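
As an added example (not part of the original post and not BIND tooling), a small Python lint over the access-control statements of the options block posted above: it reports statements that appear more than once and sensitive ACLs whose match list contains `any`. `SAMPLE` is a constructed excerpt of that block, and `lint_options`, `options_statements` and `SENSITIVE` are names chosen for this example.

```python
import re
from collections import Counter

# Constructed sample: the access-control lines of the options block posted above.
SAMPLE = """
options {
    recursion yes;
    allow-query { goodclients; };
    allow-recursion { goodclients; };
    allow-transfer { goodclients; };
    allow-query { any; };
    allow-recursion { any; };
    allow-transfer { any; };
    allow-query-cache { any; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
};
"""
# Statements where an "any" match list exposes the server beyond the LAN.
SENSITIVE = {"allow-recursion", "allow-query-cache", "allow-transfer"}

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def options_statements(text):
    """Yield (name, value) for each top-level statement inside options { }."""
    text = strip_comments(text)
    body = text[text.index("{", text.index("options")) + 1:]
    depth, cur = 1, ""
    for ch in body:
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if depth == 0:          # closing brace of the options block
            return
        if ch == ";" and depth == 1:
            m = re.match(r"\s*([\w-]+)\s*(.*)", cur, re.S)
            if m:
                yield m.group(1), m.group(2)
            cur = ""
        else:
            cur += ch

def lint_options(text):
    stmts = list(options_statements(text))
    counts = Counter(name for name, _ in stmts)
    findings = [("duplicate", n, c) for n, c in counts.items() if c > 1]
    for name, value in stmts:
        if name in SENSITIVE and "any" in re.findall(r"[^\s{};]+", value):
            findings.append(("open-to-any", name, value.strip()))
    return sorted(findings)
```

Calling `lint_options(SAMPLE)` returns the findings as sorted tuples. `named-checkconf` remains the authoritative syntax check; this only shows what to look for before reloading the server.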