First, I want to apologize: the Vagrant file I uploaded was apparently
the incorrect one.  I'm attaching the version I'm testing with.  I
actually found this with my internal server running as an LXD container.

With my options file set to the following (192.168.0.130 eth0 address):
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable 
        // nameservers, you probably want to use them as forwarders.  
        // Uncomment the following block, and insert the addresses replacing 
        // the all-0's placeholder.

        forwarders {
                1.1.1.1;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation false;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        listen-on { 192.168.0.130; };
};

vagrant@ubuntu-bionic:/etc/bind$ nslookup ubuntu.com - 192.168.0.130
Server:         192.168.0.130
Address:        192.168.0.130#53

Non-authoritative answer:
Name:   ubuntu.com
Address: 91.189.94.40
** server can't find ubuntu.com: SERVFAIL


vagrant@ubuntu-bionic:/etc/bind$ dig @192.168.0.130 +trace ubuntu.com

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @192.168.0.130 +trace ubuntu.com
; (1 server found)
;; global options: +cmd
.                       3600000 IN      NS      A.ROOT-SERVERS.NET.
.                       3600000 IN      NS      E.ROOT-SERVERS.NET.
.                       3600000 IN      NS      L.ROOT-SERVERS.NET.
.                       3600000 IN      NS      D.ROOT-SERVERS.NET.
.                       3600000 IN      NS      G.ROOT-SERVERS.NET.
.                       3600000 IN      NS      F.ROOT-SERVERS.NET.
.                       3600000 IN      NS      J.ROOT-SERVERS.NET.
.                       3600000 IN      NS      B.ROOT-SERVERS.NET.
.                       3600000 IN      NS      K.ROOT-SERVERS.NET.
.                       3600000 IN      NS      I.ROOT-SERVERS.NET.
.                       3600000 IN      NS      H.ROOT-SERVERS.NET.
.                       3600000 IN      NS      M.ROOT-SERVERS.NET.
.                       3600000 IN      NS      C.ROOT-SERVERS.NET.
;; Received 343 bytes from 192.168.0.130#53(192.168.0.130) in 0 ms

;; expected opt record in response
ubuntu.com.             599     IN      A       91.189.94.40
.                       3574    IN      NS      c.root-servers.net.
.                       3574    IN      NS      d.root-servers.net.
.                       3574    IN      NS      e.root-servers.net.
.                       3574    IN      NS      f.root-servers.net.
.                       3574    IN      NS      g.root-servers.net.
.                       3574    IN      NS      h.root-servers.net.
.                       3574    IN      NS      i.root-servers.net.
.                       3574    IN      NS      a.root-servers.net.
.                       3574    IN      NS      j.root-servers.net.
.                       3574    IN      NS      k.root-servers.net.
.                       3574    IN      NS      l.root-servers.net.
.                       3574    IN      NS      m.root-servers.net.
.                       3574    IN      NS      b.root-servers.net.
;; Received 271 bytes from 199.9.14.201#53(B.ROOT-SERVERS.NET) in 61 ms

vagrant@ubuntu-bionic:/etc/bind$ host -d ubuntu.com 192.168.0.130
Trying "ubuntu.com"
Using domain server:
Name: 192.168.0.130
Address: 192.168.0.130#53
Aliases: 

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30799
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ubuntu.com.                    IN      A

;; ANSWER SECTION:
ubuntu.com.             445     IN      A       91.189.94.40

Received 44 bytes from 192.168.0.130#53 in 0 ms
Trying "ubuntu.com"
Host ubuntu.com not found: 2(SERVFAIL)
Received 28 bytes from 192.168.0.130#53 in 90 ms
Trying "ubuntu.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61761
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 2

;; QUESTION SECTION:
;ubuntu.com.                    IN      MX

;; ANSWER SECTION:
ubuntu.com.             2554    IN      MX      10 mx.canonical.com.

;; AUTHORITY SECTION:
.                       3551    IN      NS      k.root-servers.net.
.                       3551    IN      NS      f.root-servers.net.
.                       3551    IN      NS      b.root-servers.net.
.                       3551    IN      NS      i.root-servers.net.
.                       3551    IN      NS      g.root-servers.net.
.                       3551    IN      NS      a.root-servers.net.
.                       3551    IN      NS      h.root-servers.net.
.                       3551    IN      NS      e.root-servers.net.
.                       3551    IN      NS      c.root-servers.net.
.                       3551    IN      NS      d.root-servers.net.
.                       3551    IN      NS      l.root-servers.net.
.                       3551    IN      NS      m.root-servers.net.
.                       3551    IN      NS      j.root-servers.net.

;; ADDITIONAL SECTION:
e.root-servers.net.     2823    IN      AAAA    2001:500:a8::e
g.root-servers.net.     2823    IN      AAAA    2001:500:12::d0d

Received 324 bytes from 192.168.0.130#53 in 0 ms

However, I'm hesitant to say it's just an issue with nslookup as:
vagrant@ubuntu-bionic:/etc/bind$ nslookup ubuntu.com - 1.1.1.1
Server:         1.1.1.1
Address:        1.1.1.1#53

Non-authoritative answer:
Name:   ubuntu.com
Address: 91.189.94.40

And per the notes above, using Debian stretch against the same bind servers
does not result in the error, so there's a combination of the (bionic) nslookup
and (bionic) named.

sysadmin@prometheus:~ $ lsb_release --all
No LSB modules are available.
Distributor ID: Raspbian
Description:    Raspbian GNU/Linux 9.4 (stretch)
Release:        9.4
Codename:       stretch

prometheus:~ $ nslookup ubuntu.com - 192.168.0.130
Server:         192.168.0.130
Address:        192.168.0.130#53

Non-authoritative answer:
Name:   ubuntu.com
Address: 91.189.94.40

So the bind server *is* working?

Changing named.conf.options to match yours (192.168.0.130 is the vagrant
eth0 address):

vagrant@ubuntu-bionic:/etc/bind$ more named.conf.options 
options {
        directory "/var/cache/bind";

        forwarders {
                1.1.1.1;
        };

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on { 192.168.0.130; };
};

vagrant@ubuntu-bionic:/etc/bind$ nslookup ubuntu.com - 192.168.0.130
Server:         192.168.0.130
Address:        192.168.0.130#53

** server can't find ubuntu.com: SERVFAIL

Output for dig with the same configuration:
vagrant@ubuntu-bionic:~$ dig @192.168.0.130 +trace ubuntu.com

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @192.168.0.130 +trace ubuntu.com
; (1 server found)
;; global options: +cmd
.                       3600000 IN      NS      B.ROOT-SERVERS.NET.
.                       3600000 IN      NS      A.ROOT-SERVERS.NET.
.                       3600000 IN      NS      J.ROOT-SERVERS.NET.
.                       3600000 IN      NS      M.ROOT-SERVERS.NET.
.                       3600000 IN      NS      F.ROOT-SERVERS.NET.
.                       3600000 IN      NS      E.ROOT-SERVERS.NET.
.                       3600000 IN      NS      G.ROOT-SERVERS.NET.
.                       3600000 IN      NS      H.ROOT-SERVERS.NET.
.                       3600000 IN      NS      L.ROOT-SERVERS.NET.
.                       3600000 IN      NS      C.ROOT-SERVERS.NET.
.                       3600000 IN      NS      K.ROOT-SERVERS.NET.
.                       3600000 IN      NS      D.ROOT-SERVERS.NET.
.                       3600000 IN      NS      I.ROOT-SERVERS.NET.
;; Received 267 bytes from 192.168.0.130#53(192.168.0.130) in 0 ms

;; expected opt record in response
ubuntu.com.             228     IN      A       91.189.94.40
.                       3203    IN      NS      k.root-servers.net.
.                       3203    IN      NS      l.root-servers.net.
.                       3203    IN      NS      m.root-servers.net.
.                       3203    IN      NS      b.root-servers.net.
.                       3203    IN      NS      c.root-servers.net.
.                       3203    IN      NS      d.root-servers.net.
.                       3203    IN      NS      e.root-servers.net.
.                       3203    IN      NS      f.root-servers.net.
.                       3203    IN      NS      g.root-servers.net.
.                       3203    IN      NS      h.root-servers.net.
.                       3203    IN      NS      i.root-servers.net.
.                       3203    IN      NS      a.root-servers.net.
.                       3203    IN      NS      j.root-servers.net.
;; Received 271 bytes from 199.7.91.13#53(D.ROOT-SERVERS.NET) in 16 ms

vagrant@ubuntu-bionic:~$ host -d ubuntu.com 192.168.0.130
Trying "ubuntu.com"
Using domain server:
Name: 192.168.0.130
Address: 192.168.0.130#53
Aliases: 

Host ubuntu.com not found: 2(SERVFAIL)
Received 28 bytes from 192.168.0.130#53 in 4066 ms

So there's also an issue with `host` with the dnssec set to auto.
Changing it back to false gives the same results (the only change is the
ipv6 listen entry).

I've uploaded the Vagrant file I'm using to debug.  It will fail upon
vagrant up after the nslookup tests but you should be able to `vagrant
ssh` into the system and test from there.

I would be interested to see if the Vagrant system works for you as
well.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1787739

Title:
  postfix name lookup failed after dist-upgrade (Aug-2018)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1787739/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
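
When comparing resolver configurations like the two in the report above, the per-attempt result codes in a `host -d` transcript can be extracted mechanically instead of read by eye. This is an added example, not part of the original report; `parse_host_debug` and `failed` are hypothetical names, and the sample is abridged from the first `host -d` transcript.

```python
import re

# Constructed sample: the first `host -d` transcript from the report,
# abridged to the lines the parser reads.
SAMPLE = '''Trying "ubuntu.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30799
;; QUESTION SECTION:
;ubuntu.com.                    IN      A
Received 44 bytes from 192.168.0.130#53 in 0 ms
Trying "ubuntu.com"
Host ubuntu.com not found: 2(SERVFAIL)
Received 28 bytes from 192.168.0.130#53 in 90 ms
Trying "ubuntu.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61761
;; QUESTION SECTION:
;ubuntu.com.                    IN      MX
Received 324 bytes from 192.168.0.130#53 in 0 ms
'''

def parse_host_debug(text):
    """Return one record per 'Trying' attempt in `host -d` output."""
    attempts = []
    for chunk in re.split(r'^Trying "[^"]*"\n', text, flags=re.M)[1:]:
        # A successful attempt prints a header with "status:"; a failed one
        # prints only "not found: N(RCODE)".
        status = re.search(r"status: (\w+)|not found: \d+\((\w+)\)", chunk)
        # host prints no question section for a failed attempt, so qtype is
        # None there. host's default lookups are A, AAAA and MX, in that order.
        qtype = re.search(r"^;\S+[ \t]+IN[ \t]+(\S+)[ \t]*$", chunk, flags=re.M)
        recv = re.search(r"^Received (\d+) bytes from \S+ in (\d+) ms",
                         chunk, flags=re.M)
        attempts.append({
            "rcode": (status.group(1) or status.group(2)) if status else None,
            "qtype": qtype.group(1) if qtype else None,
            "bytes": int(recv.group(1)) if recv else None,
            "ms": int(recv.group(2)) if recv else None,
        })
    return attempts

def failed(attempts):
    """Return (position, record) for every attempt that was not NOERROR."""
    return [(i, a) for i, a in enumerate(attempts, 1) if a["rcode"] != "NOERROR"]

if __name__ == "__main__":
    for pos, rec in failed(parse_host_debug(SAMPLE)):
        print(f"attempt {pos}: {rec['rcode']} ({rec['bytes']} bytes, {rec['ms']} ms)")
```
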
