As far as I know, the only "special" thing that BIND does consistently on a
restart, that it doesn't do on a regular basis in normal operation, is a
"priming" query to whatever is configured as root nameservers. I suppose it's
_possible_ that there is something about priming queries, particularly, that
exercises a codepath in the router, with a horrible bug in it. This is - as
Mark speculated - much more likely if the router is trying to do something
"smart" with your DNS, e.g. intrusion detection/prevention, reputation-based
blacklisting, something like that. I'd look at the router config and see if you
can turn any feature(s) like that *off*.

Failing that, if priming queries are the culprit, it should be fairly easy to
reproduce the scenario, since one can issue identical-looking queries to the
same root-nameserver destinations (the main difference between these and other
command-line-generated queries would consist of making them non-recursive). If
you can reproduce the issue at will, maybe the router manufacturer would
actually listen to your trouble report.

Putting on my InfoSec paranoia hat for a second, if it's the *responses* to the
priming queries that are causing the router to go belly-up, then this is a
scary prospect indeed, since it raises the possibility that evildoers could
send *spoofed* responses like that, to routers of that make/model, and this
would be a powerful Denial of Service attack.

- Kevin

From: bind-users [mailto:[email protected]] On Behalf Of Chris Serella
Sent: Thursday, May 25, 2017 10:24 AM
To: [email protected]
Subject: Weird issue with bind & router

I run a small dev system on my home network, housing DNS etc. all under the one
server.

System: Ubuntu 16.04 server, ISPConfig etc. etc. etc., you get the idea.

Anyway, the problem I am having comes down to the router rebooting (is it
crashing? I can't tell) every time bind starts/restarts. This ordinarily wouldn't
be an issue, DNS rarely changes so the service does not need restarting, but the
problem occurs on system boot too.

The router in question is a Plusnet Hub One which I believe is actually a
repackaged BT Hub 5. The "server" is an ACER AX3300 desktop with Ubuntu server
installed.

Troubleshooting was difficult as I couldn't isolate what it was until I went
over to ISPConfig for assistance; they informed me that a DNS reload on their
software simply saves data to files and initiates a service restart.

With this information to hand I made no changes to the DNS in ISPConfig,
instead I opened a terminal and tunneled into the server and issued a bind9
restart from there.

Sure enough the problem reared its ugly little head. The SSH session dropped
out and looking over to the router I could see it was going through its power
cycle. To be sure this wasn't some freakishly well timed coincidence, I
completed the steps several times more (3) all with the same result.
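
The reproduction suggested in the reply above (issuing non-recursive queries that look like priming queries, with BIND stopped, to see whether the router still reboots), as an added example that is not part of the original thread. It builds a `. IN NS` query with RD clear in the shape RFC 8109 describes; the EDNS buffer size, the DO bit and the three root addresses used here are assumptions, so compare against a packet capture of your own BIND startup.

```python
import socket
import struct

# Assumed targets: a, c and f.root-servers.net. Use the addresses from
# your own root hints file instead if they differ.
ROOT_HINTS = ["198.41.0.4", "192.33.4.12", "192.5.5.241"]


def build_priming_query(txid, edns_size=4096, do_bit=True):
    """Wire-format query for '. IN NS' with RD clear and one EDNS0 OPT record."""
    flags = 0x0000  # QR=0 (query), opcode 0, RD=0 (non-recursive)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1)  # QD=1, AR=1
    question = b"\x00" + struct.pack("!HH", 2, 1)  # root name, NS, IN
    opt_ttl = 0x00008000 if do_bit else 0  # ext-rcode 0, version 0, DO flag
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, opt_ttl, 0)
    return header + question + opt


def parse_header(msg):
    """Decode the fixed 12-byte DNS header of a query or response."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"txid": txid, "qr": flags >> 15, "tc": (flags >> 9) & 1,
            "rd": (flags >> 8) & 1, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def probe(server, txid=0x1234, timeout=3.0):
    """Send one query over UDP; return (response_size, header) or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_priming_query(txid), (server, 53))
        try:
            data, _ = s.recvfrom(65535)
        except socket.timeout:
            return None  # no answer: check whether the router just went down
    return len(data), parse_header(data)


if __name__ == "__main__":
    # Run with named stopped, one server at a time, watching the router.
    for server in ROOT_HINTS:
        print(server, probe(server))
```

Rerunning with `edns_size=512` or `do_bit=False` changes how large the response is, which helps narrow down whether response size is what the router reacts to.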