Hey, are the NS sets in parent and child in sync?
Ondrej -- Ondřej Surý (He/Him) > On 9. 11. 2023, at 10:30, Matthew Vernon <matt...@debian.org> wrote: > > Package: bind9 > Version: 1:9.18.19-1~deb12u1 > Severity: normal > > Hi, > > This is a weird one, but it's been happening daily for a few days now, > so I figured it was worth reporting. > > For the last few days, if I try and visit > https://www.dumbingofage.com/ > > Firefox can't resolve the hostname, similarly on the CLI: > matthew@aragorn:~$ host www.dumbingofage.com > Host www.dumbingofage.com not found: 2(SERVFAIL) > > AFAICT the NSs work - I can do both > dig @23.226.68.75 www.dumbingofage.com > and > dig @23.226.68.76 www.dumbingofage.com > > And get a sensible answer back. > > If I restart bind9 then I am able to resolve the hostname fine, only for > the same problem to recur the following day. > > So _something_ is getting confused, and I'm pretty sure it's bind :) > > Regards, > > Matthew > > -- System Information: > Debian Release: 12.2 > APT prefers stable-updates > APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, > 'stable') > Architecture: amd64 (x86_64) > > Kernel: Linux 6.1.0-13-amd64 (SMP w/8 CPU threads; PREEMPT) > Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), > LANGUAGE=en_GB:en > Shell: /bin/sh linked to /usr/bin/dash > Init: sysvinit (via /sbin/init) > LSM: AppArmor: enabled > > Versions of packages bind9 depends on: > ii adduser 3.134 > ii bind9-libs 1:9.18.19-1~deb12u1 > ii bind9-utils 1:9.18.19-1~deb12u1 > ii debconf [debconf-2.0] 1.5.82 > ii dns-root-data 2023010101 > ii init-system-helpers 1.65.2 > ii iproute2 6.1.0-3 > ii libc6 2.36-9+deb12u3 > ii libcap2 1:2.66-4 > ii libelogind0 [libsystemd0] 246.10-1debian1 > ii libfstrm0 0.6.1-1 > ii libjson-c5 0.16-2 > ii liblmdb0 0.9.24-1 > ii libmaxminddb0 1.7.1-1 > ii libnghttp2-14 1.52.0-1 > ii libprotobuf-c1 1.4.1-1+b1 > ii libssl3 3.0.11-1~deb12u2 > ii libuv1 1.44.2-1 > ii libxml2 2.9.14+dfsg-1.3~deb12u1 > ii lsb-base 11.6 > ii netbase 6.4 > ii sysvinit-utils [lsb-base] 3.06-4 > ii zlib1g 1:1.2.13.dfsg-1 > > bind9 recommends no packages. > > Versions of packages bind9 suggests: > pn bind-doc <none> > ii bind9-dnsutils [dnsutils] 1:9.18.19-1~deb12u1 > ii dnsutils 1:9.18.19-1~deb12u1 > pn resolvconf <none> > pn ufw <none> > > -- Configuration Files: > /etc/bind/db.127 changed: > ; > ; BIND reverse data file for local loopback interface > ; > $TTL 604800 > @ IN SOA ns.empire.pick.ucam.org. hostmaster.pick.ucam.org. ( > 3 ; Serial > 604800 ; Refresh > 86400 ; Retry > 2419200 ; Expire > 604800 ) ; Negative Cache TTL > ; > @ IN NS localhost. > 1.0.0 IN PTR localhost. > > /etc/bind/named.conf changed: > // This is the primary configuration file for the BIND DNS server named. > // > // Please read /usr/share/doc/bind/README.Debian for information on the > // structure of BIND configuration files in Debian for BIND versions 8.2.1 > // and later, *BEFORE* you customize this configuration file. > // > options { > directory "/var/cache/bind"; > check-names master warn; > // If there is a firewall between you and nameservers you want > // to talk to, you might need to uncomment the query-source > // directive below. Previous versions of BIND always asked > // questions using port 53, but BIND 8.1 and later use an unprivileged > // port by default. > // query-source address * port 53; > // If your ISP provided one or more IP addresses for stable > // nameservers, you probably want to use them as forwarders. > // Uncomment the following block, and insert the addresses replacing > // the all-0's placeholder. > //can't use this, since it would break the reverse zones we secondary > //forwarders { > //212.23.8.1; 212.23.8.6; > //}; > }; > // reduce log verbosity on issues outside our control > logging { > category lame-servers { null; }; > // category cname { null; }; > }; > // prime the server with knowledge of the root servers > zone "." { > type hint; > file "/etc/bind/db.root"; > }; > // be authoritative for the localhost forward and reverse zones, and for > // broadcast zones as per RFC 1912 > zone "localhost" { > type master; > file "/etc/bind/db.local"; > }; > zone "127.in-addr.arpa" { > type master; > file "/etc/bind/db.127"; > }; > zone "0.in-addr.arpa" { > type master; > file "/etc/bind/db.0"; > }; > zone "255.in-addr.arpa" { > type master; > file "/etc/bind/db.255"; > }; > // add entries for other zones below here > zone "empire.pick.ucam.org" { > type master; > file "/etc/bind/db.empire"; > }; > zone "22.16.172.in-addr.arpa" { > type master; > file "/etc/bind/db.172.16.22"; > }; > zone "23.16.172.in-addr.arpa" { > type master; > file "/etc/bind/db.172.16.23"; > }; > // real IP address for the house network with A&A > //zone "160-167.100.2.81.in-addr.arpa" { > // type master; > // file "/etc/bind/db.81.2.100.160-167"; > //}; > // WAN IP address for the ADSL router with A&A > //zone "225.93.2.81.in-addr.arpa" { > // type master; > // file "/etc/bind/db.81.2.93.225"; > //}; > zone "easel.vpn.ucam.org" { > type master; > file "/etc/bind/db.easel"; > }; > zone "principate.org" { type slave; masters { 212.13.197.229; 93.93.128.67; > 45.33.127.156; }; file "slave/principate.org"; }; > zone "principate.org.uk" {type slave; masters { 212.13.197.229; 93.93.128.67; > 45.33.127.156; }; file "slave/principate.org.uk"; }; > zone "168.192.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file > "slave/168.192.in-addr.arpa"; }; > zone "16.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file > "slave/16.172.in-addr.arpa"; }; > zone "17.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file > "slave/17.172.in-addr.arpa"; }; > zone "18.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file > "slave/18.172.in-addr.arpa"; }; > zone "19.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file > "slave/19.172.in-addr.arpa"; }; > zone "20.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file > "slave/20.172.in-addr.arpa"; }; > zone "21.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file > "slave/21.172.in-addr.arpa"; }; > zone "22.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file > "slave/22.172.in-addr.arpa"; }; > zone "23.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file > "slave/23.172.in-addr.arpa"; }; > zone "24.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file > "slave/24.172.in-addr.arpa"; }; > zone "25.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file > "slave/25.172.in-addr.arpa"; }; > zone "26.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file > "slave/26.172.in-addr.arpa"; }; > zone "27.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file > "slave/27.172.in-addr.arpa"; }; > zone "28.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file > "slave/28.172.in-addr.arpa"; }; > zone "29.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file > "slave/29.172.in-addr.arpa"; }; > zone "30.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file > "slave/30.172.in-addr.arpa"; }; > zone "31.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file > "slave/31.172.in-addr.arpa"; }; > //zone "cam.ac.uk" {type slave; masters { 131.111.8.37; 131.111.12.37; }; > file "slave/cam.ac.uk"; }; > zone "ucam.org" {type slave; masters { 212.13.197.229; }; file > "slave/ucam.org"; }; > //zone "greenend.empire.pick.ucam.org" {type slave; masters { 192.168.73.1; > }; file "slave/greenend.empire.pick.ucam.org"; }; > > > -- debconf information: > bind9/start-as-user: bind > bind9/different-configuration-file: > bind9/run-resolvconf: true >