Hello,
[first, please excuse my English]
I have installed Bind9 on Ubuntu 10.10 - just for personal use (no
zones, ...).
I did not have any problems until now, when I try to use some free VPN
services based on PPTP or OpenVPN.
After connecting to them (a new network device is created - tun or tap -
and the default route changes) my BIND is not able to reach other (root)
nameservers, and resolve requests fail.
Restarting the BIND service does not help.
These VPN services do not offer their own DNS servers and do not change
/etc/resolv.conf.
If I change my resolv.conf to e.g. the ISP's DNS server, I can then
surf the web normally, ... == the VPN works OK, routes are OK too.
After shutting down the VPN, my BIND works normally again.
In the attachment are the IP routes before and after the VPN comes up,
the logs of the VPN itself, and the log of my BIND.
PLEASE HELP me get my BIND working also when the VPN connection is
active.
My knowledge of BIND configuration is minimal and I have no idea why
all apps can communicate over the new route (over the VPN) while BIND
fails and logs: network unreachable. Looking at the BIND log, is the
problem not with IPv6 (which I do not use (or understand))?
Thanks
--kapetr
****************** before VPN
10.6.6.0/24 dev eth0 proto kernel scope link src 10.6.6.10 metric 1
169.254.0.0/16 dev eth0 scope link metric 1000
default via 10.6.6.138 dev eth0 proto static
root@duron650:/etc/bind#
****************** after VPN comes up
root@duron650:/etc/bind# ip route list
173.203.198.31 via 10.6.6.138 dev eth0 proto static
204.232.203.12 via 10.6.6.138 dev eth0 src 10.6.6.10
204.232.203.12 dev ppp0 proto kernel scope link src 192.168.10.41
10.6.6.0/24 dev eth0 proto kernel scope link src 10.6.6.10 metric 1
169.254.0.0/16 dev eth0 scope link metric 1000
default dev ppp0 proto static
root@duron650:/etc/bind#
root@duron650:/etc/bind# ifconfig
eth0      Link encap:Ethernet HWadr 00:11:d8:10:57:6e
          inet adr:10.6.6.10 Všesměr:10.6.6.255 Maska:255.255.255.0
          inet6-adr: fe80::211:d8ff:fe10:576e/64 Rozsah:Linka
          AKTIVOVÁNO VŠESMĚROVÉ_VYSÍLÁNÍ BĚŽÍ MULTICAST MTU:1500 Metrika:1
          RX packets:45850 errors:0 dropped:0 overruns:0 frame:0
          TX packets:47074 errors:0 dropped:0 overruns:0 carrier:0
          kolizí:0 délka odchozí fronty:1000
          Přijato bajtů: 21574817 (21.5 MB) Odesláno bajtů: 10146684 (10.1 MB)
          Přerušení:23 Vstupně/Výstupní port:0xc000
lo        Link encap:Místní smyčka
          inet adr:127.0.0.1 Maska:255.0.0.0
          inet6-adr: ::1/128 Rozsah:Počítač
          AKTIVOVÁNO SMYČKA BĚŽÍ MTU:16436 Metrika:1
          RX packets:10945 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10945 errors:0 dropped:0 overruns:0 carrier:0
          kolizí:0 délka odchozí fronty:0
          Přijato bajtů: 931884 (931.8 KB) Odesláno bajtů: 931884 (931.8 KB)
ppp0      Link encap:Point-to-Point Protokol
          inet adr:192.168.10.41 P-t-P:204.232.203.12 Maska:255.255.255.255
          AKTIVOVÁNO POINTOPOINT BĚŽÍ NEARP MULTICAST MTU:1400 Metrika:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          kolizí:0 délka odchozí fronty:3
          Přijato bajtů: 96 (96.0 B) Odesláno bajtů: 178 (178.0 B)
root@duron650:/etc/bind#
--------------------------------------------------------------------
**************** system log of VPN coming up
Apr 8 18:52:16 duron650 NetworkManager[669]: <info> Starting VPN service
'org.freedesktop.NetworkManager.pptp'...
Apr 8 18:52:16 duron650 NetworkManager[669]: <info> VPN service
'org.freedesktop.NetworkManager.pptp' started
(org.freedesktop.NetworkManager.pptp), PID 5718
Apr 8 18:52:16 duron650 NetworkManager[669]: <info> VPN service
'org.freedesktop.NetworkManager.pptp' appeared, activating connections
Apr 8 18:52:16 duron650 NetworkManager[669]: <info> VPN plugin state changed: 1
Apr 8 18:52:16 duron650 NetworkManager[669]: <info> VPN plugin state changed: 3
Apr 8 18:52:16 duron650 NetworkManager[669]: <info> VPN connection 'VPN on
Demand' (Connect) reply received.
Apr 8 18:52:16 duron650 pppd[5720]: Plugin
/usr/lib/pppd/2.4.5//nm-pptp-pppd-plugin.so loaded.
Apr 8 18:52:17 duron650 pppd[5720]: pppd 2.4.5 started by root, uid 0
Apr 8 18:52:17 duron650 modem-manager: (net/ppp0): could not get port's parent
device
Apr 8 18:52:17 duron650 NetworkManager[669]: SCPlugin-Ifupdown: devices
added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Apr 8 18:52:17 duron650 NetworkManager[669]: SCPlugin-Ifupdown: device
added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown
configuration found.
Apr 8 18:52:17 duron650 pppd[5720]: Using interface ppp0
Apr 8 18:52:17 duron650 pppd[5720]: Connect: ppp0 <--> /dev/pts/2
Apr 8 18:52:17 duron650 pptp[5725]: nm-pptp-service-5718 log[main:pptp.c:314]:
The synchronous pptp option is NOT activated
Apr 8 18:52:17 duron650 pptp[5738]: nm-pptp-service-5718
log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1
'Start-Control-Connection-Request'
Apr 8 18:52:18 duron650 pptp[5738]: nm-pptp-service-5718
log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Apr 8 18:52:18 duron650 pptp[5738]: nm-pptp-service-5718
log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Apr 8 18:52:18 duron650 pptp[5738]: nm-pptp-service-5718
log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7
'Outgoing-Call-Request'
Apr 8 18:52:19 duron650 pptp[5738]: nm-pptp-service-5718
log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Apr 8 18:52:19 duron650 pptp[5738]: nm-pptp-service-5718
log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's
call ID 64640).
Apr 8 18:52:21 duron650 pppd[5720]: CHAP authentication succeeded
Apr 8 18:52:22 duron650 pppd[5720]: MPPE 128-bit stateless compression enabled
Apr 8 18:52:23 duron650 pppd[5720]: Cannot determine ethernet address for
proxy ARP
Apr 8 18:52:23 duron650 pppd[5720]: local IP address 192.168.10.41
Apr 8 18:52:23 duron650 pppd[5720]: remote IP address 204.232.203.12
Apr 8 18:52:23 duron650 pppd[5720]: primary DNS address 8.8.8.8
Apr 8 18:52:23 duron650 pppd[5720]: secondary DNS address 8.8.4.4
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> VPN connection 'VPN on
Demand' (IP Config Get) reply received.
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> VPN Gateway: 173.203.198.31
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> Tunnel Device: ppp0
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> Internal IP4 Address:
192.168.10.41
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> Internal IP4 Prefix: 32
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> Internal IP4
Point-to-Point Address: 204.232.203.12
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> Maximum Segment Size
(MSS): 0
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> Internal IP4 DNS: 8.8.8.8
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> Internal IP4 DNS: 8.8.4.4
Apr 8 18:52:23 duron650 NetworkManager[669]: <info> DNS Domain: '(none)'
Apr 8 18:52:23 duron650 postfix/master[1431]: reload -- version 2.7.1,
configuration /etc/postfix
Apr 8 18:52:24 duron650 NetworkManager[669]: <warn> could not commit DNS
changes: 'Could not replace /etc/resolv.conf: Operation not permitted#012'
Apr 8 18:52:24 duron650 NetworkManager[669]: <info> VPN connection 'VPN on
Demand' (IP Config Get) complete.
Apr 8 18:52:24 duron650 NetworkManager[669]: <warn> could not commit DNS
changes: 'Could not replace /etc/resolv.conf: Operation not permitted#012'
Apr 8 18:52:24 duron650 NetworkManager[669]: <info> Policy set 'VPN on Demand'
(ppp0) as default for IPv4 routing and DNS.
Apr 8 18:52:24 duron650 NetworkManager[669]: <info> VPN plugin state changed: 4
Apr 8 18:52:24 duron650 nm-dispatcher.action: Script
'/etc/NetworkManager/dispatcher.d/01ifupdown' exited with error status 1.
--------- VPN shut down
Apr 8 18:53:19 duron650 pptp[5738]: nm-pptp-service-5718
log[logecho:pptp_ctrl.c:677]: Echo Reply received.
Apr 8 18:54:20 duron650 pptp[5738]: nm-pptp-service-5718
log[logecho:pptp_ctrl.c:677]: Echo Reply received.
Apr 8 18:54:45 duron650 pppd[5720]: Terminating on signal 15
Apr 8 18:54:45 duron650 pppd[5720]: Connect time 2.4 minutes.
Apr 8 18:54:45 duron650 pppd[5720]: Sent 261429 bytes, received 261795 bytes.
Apr 8 18:54:45 duron650 NetworkManager[669]: <warn> could not commit DNS
changes: 'Could not replace /etc/resolv.conf: Operation not permitted#012'
Apr 8 18:54:45 duron650 pppd[5720]: MPPE disabled
Apr 8 18:54:45 duron650 pppd[5720]: Child process /usr/sbin/pptp vpn.vpnod.com
--nolaunchpppd --loglevel 0 --logstring nm-pptp-service-5718 (pid 5722)
terminated with signal 15
Apr 8 18:54:45 duron650 postfix/master[1431]: reload -- version 2.7.1,
configuration /etc/postfix
Apr 8 18:54:46 duron650 NetworkManager[669]: <warn> could not commit DNS
changes: 'Could not replace /etc/resolv.conf: Operation not permitted#012'
Apr 8 18:54:46 duron650 NetworkManager[669]: <info> Policy set 'Auto eth0'
(eth0) as default for IPv4 routing and DNS.
Apr 8 18:54:46 duron650 nm-dispatcher.action: Script
'/etc/NetworkManager/dispatcher.d/01ifupdown' exited with error status 1.
Apr 8 18:54:47 duron650 pppd[5720]: Connection terminated.
Apr 8 18:54:47 duron650 avahi-daemon[667]: Withdrawing workstation service for
ppp0.
Apr 8 18:54:47 duron650 NetworkManager[669]: SCPlugin-Ifupdown: devices
removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Apr 8 18:54:47 duron650 pptp[5725]: nm-pptp-service-5718
warn[decaps_hdlc:pptp_gre.c:204]: short read (-1): Input/output error
Apr 8 18:54:47 duron650 pptp[5725]: nm-pptp-service-5718
warn[decaps_hdlc:pptp_gre.c:216]: pppd may have shutdown, see pppd log
Apr 8 18:54:47 duron650 pptp[5738]: nm-pptp-service-5718
log[callmgr_main:pptp_callmgr.c:234]: Closing connection (unhandled)
Apr 8 18:54:47 duron650 pptp[5738]: nm-pptp-service-5718
log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12
'Call-Clear-Request'
Apr 8 18:54:47 duron650 pptp[5738]: nm-pptp-service-5718
log[call_callback:pptp_callmgr.c:79]: Closing connection (call state)
^C
hugo@duron650:~$
-------------------------------------------------------------------------------------
************************ Bind9 logs when VPN comes UP
08-Apr-2011 18:52:23.554 general: info: received control channel command
'reconfig'
08-Apr-2011 18:52:23.555 general: info: loading configuration from
'/etc/bind/named.conf'
08-Apr-2011 18:52:23.558 general: info: reading built-in trusted keys from file
'/etc/bind/bind.keys'
08-Apr-2011 18:52:23.566 general: info: using default UDP/IPv4 port range:
[1024, 65535]
08-Apr-2011 18:52:23.567 general: info: using default UDP/IPv6 port range:
[1024, 65535]
08-Apr-2011 18:52:23.604 general: info: set up managed keys zone for view
_default, file 'managed-keys.bind'
08-Apr-2011 18:52:23.627 general: info: reloading configuration succeeded
08-Apr-2011 18:52:23.628 general: info: any newly configured zones are now
loaded
08-Apr-2011 18:54:06.206 lame-servers: info: error (network unreachable)
resolving 'www.ibm.cz/A/IN': 2001:628:453:420::48#53
08-Apr-2011 18:54:07.808 lame-servers: info: error (network unreachable)
resolving 'www.ibm.cz/A/IN': 2001:678:f::1#53
08-Apr-2011 18:54:07.808 lame-servers: info: error (network unreachable)
resolving 'www.ibm.cz/A/IN': 2001:678:11::1#53
08-Apr-2011 18:54:08.611 lame-servers: info: error (network unreachable)
resolving 'www.ibm.cz/A/IN': 2001:678:10::1#53
08-Apr-2011 18:54:08.612 lame-servers: info: error (network unreachable)
resolving 'www.ibm.cz/A/IN': 2001:678:1::1#53
08-Apr-2011 18:54:14.891 lame-servers: info: error (network unreachable)
resolving 'ns.almaden.ibm.com/A/IN': 2001:503:a83e::2:30#53
08-Apr-2011 18:54:14.892 lame-servers: info: error (network unreachable)
resolving 'ns.almaden.ibm.com/AAAA/IN': 2001:503:231d::2:30#53
08-Apr-2011 18:54:21.294 lame-servers: info: error (network unreachable)
resolving 'ns.almaden.ibm.com/A/IN': 2001:503:231d::2:30#53
08-Apr-2011 18:54:25.289 lame-servers: info: error (network unreachable)
resolving 'ns.watson.ibm.com/A/IN': 2001:503:a83e::2:30#53
08-Apr-2011 18:54:25.290 lame-servers: info: error (network unreachable)
resolving 'ns.watson.ibm.com/A/IN': 2001:503:231d::2:30#53
08-Apr-2011 18:54:25.336 lame-servers: info: error (network unreachable)
resolving 'd.gtld-servers.net/AAAA/IN': 2001:503:a83e::2:30#53
08-Apr-2011 18:54:25.339 lame-servers: info: error (network unreachable)
resolving 'ns.almaden.ibm.com/AAAA/IN': 2001:503:a83e::2:30#53
08-Apr-2011 18:54:25.375 lame-servers: info: error (network unreachable)
resolving 'ns.watson.ibm.com/AAAA/IN': 2001:503:a83e::2:30#53
08-Apr-2011 18:54:25.379 lame-servers: info: error (network unreachable)
resolving 'ns.watson.ibm.com/AAAA/IN': 2001:503:231d::2:30#53
08-Apr-2011 18:54:26.164 lame-servers: info: error (network unreachable)
resolving 'j.gtld-servers.net/AAAA/IN': 2001:503:a83e::2:30#53
08-Apr-2011 18:54:26.951 lame-servers: info: error (network unreachable)
resolving 'g.gtld-servers.net/AAAA/IN': 2001:503:231
.... e.t.c. ... ... .. .. ..
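
Added example (not part of the original post): a small Python tally of the lame-servers errors in a named log by upstream address family and reason, which rejoins mail-wrapped entries and skips truncated ones. The sample log is constructed; its first two entries copy lines from the post and the 192.0.2.53 entry is invented for contrast.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the first two entries copy the wrapped lame-servers
# lines from the post; the last one (192.0.2.53) is invented for contrast.
SAMPLE_LOG = """\
08-Apr-2011 18:54:06.206 lame-servers: info: error (network unreachable)
resolving 'www.ibm.cz/A/IN': 2001:628:453:420::48#53
08-Apr-2011 18:54:14.891 lame-servers: info: error (network unreachable)
resolving 'ns.almaden.ibm.com/A/IN': 2001:503:a83e::2:30#53
08-Apr-2011 18:54:30.000 lame-servers: info: error (connection refused)
resolving 'example.test/A/IN': 192.0.2.53#53
"""

TIMESTAMP = re.compile(r"^\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} ")
ENTRY = re.compile(
    r"lame-servers: info: error \((?P<reason>[^)]+)\) "
    r"resolving '(?P<query>[^']+)': (?P<server>[0-9A-Fa-f:.]+)#(?P<port>\d+)$"
)

def unwrap(text):
    """Rejoin log entries that mail wrapping split across lines."""
    entries = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def tally(text):
    """Count resolver errors by (IP version of upstream server, reason)."""
    counts = Counter()
    for entry in unwrap(text):
        m = ENTRY.search(entry)
        if not m:
            continue  # other log categories, or an entry cut off mid-address
        try:
            version = ipaddress.ip_address(m.group("server")).version
        except ValueError:
            continue  # address field is not a valid IPv4/IPv6 literal
        counts[(f"IPv{version}", m.group("reason"))] += 1
    return counts

if __name__ == "__main__":
    for (family, reason), n in sorted(tally(SAMPLE_LOG).items()):
        print(f"{family:5} {reason:22} {n}")
```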