Bind9 dns-cache returns my ip to bad queries


I'm having some issues with my bind9 dns cache returning an answer to any query. Why? Can I disable that behavior somehow?

nslookup not.a.valid.query
Server:  UnKnown
Address:  192.168.0.1

Non-authoritative answer:
Name:    not.a.valid.query.robertfoss.se
Address:  *my public ip address*

If I disable the line option domain-name "robertfoss.se"; in my dhcpd.conf (and restart the service), the same query results in the much saner DNS answer:

nslookup not.a.valid.query
Server:  UnKnown
Address:  192.168.0.1

bind9 named.conf.options

options {
    directory "/var/cache/bind";

    forwarders {
            81.88.9.218;
            8.8.8.8;
            81.88.9.220;
            8.8.4.4;
    };

    // Security options
    allow-query {127.0.0.1; 192.168.0.0/24; };
    allow-recursion { 127.0.0.1; 192.168.0.0/24; };
    allow-transfer { none; };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

I'm running bind9 on an Ubuntu host.

Robert Foss

Posted 2011-04-29T10:17:46.820


Answers


The DNS for the domain you are testing, robertfoss.se, is serving a wildcard A record. Querying the nameserver for robertfoss.se directly I get:

$ nslookup
> server ns1.loopia.se
Default server: ns1.loopia.se
Address: 93.188.0.20#53
> test.robertfoss.se
Server:         ns1.loopia.se
Address:        93.188.0.20#53

Name:   test.robertfoss.se
Address: 85.235.31.248
> nothing.should.be.here.robertfoss.se
Server:         ns1.loopia.se
Address:        93.188.0.20#53

Name:   nothing.should.be.here.robertfoss.se
Address: 85.235.31.248

So what's happening on your local machine when robertfoss.se is set as the domain name for DHCP clients? That's easy: nslookup is appending the default domain name to the query. So, for example, if you nslookup this.is.a.cool.name, it will change it to this.is.a.cool.name.robertfoss.se.

Two things might solve the problem. First, in named.conf make sure the '.' zone is type=hint, not type=master. Second, check resolv.conf search and domain options.

Personally, for small networks I prefer dnsmasq. Lightweight, flexible, easy to configure.

h0tw1r3

Posted 2011-04-29T10:17:46.820

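The two mechanisms the answer describes (the stub resolver appending the resolv.conf search/domain suffix, and the authoritative zone answering any name below the apex because of a wildcard A record) compose into exactly the behaviour in the question. The following is an added example, not code from the original post or from BIND: a small Python model of glibc-style search-list expansion plus RFC 4592 wildcard matching against a constructed toy zone. The zone contents, the 192.0.2.x addresses and the `ndots` default are assumptions for illustration, not the real robertfoss.se data.

```python
"""Model of resolv.conf search-list expansion and DNS wildcard matching.

Added example for the thread above; not BIND code and not the real zone.
"""
from __future__ import annotations

# Constructed toy zone standing in for robertfoss.se. Addresses are
# RFC 5737 documentation space, not the IP quoted in the answer.
ZONE_APEX = "robertfoss.se."
ZONE = {
    "robertfoss.se.": "192.0.2.10",
    "www.robertfoss.se.": "192.0.2.11",
    "*.robertfoss.se.": "192.0.2.10",   # the wildcard A record
}


def search_candidates(name: str, search: list[str], ndots: int = 1) -> list[str]:
    """Return the absolute names a stub resolver would try, in order.

    A trailing dot makes the name absolute and skips the search list.
    Otherwise (glibc semantics for `search`/`domain` and `options ndots:N`):
    a name with fewer than `ndots` dots tries the search domains first and
    the bare name last; a name with at least `ndots` dots tries the bare
    name first and falls back to the search domains on NXDOMAIN.
    """
    name = name.lower()
    if name.endswith("."):
        return [name]
    bare = name + "."
    suffixed = [f"{name}.{d.rstrip('.').lower()}." for d in search]
    if name.count(".") < ndots:
        return suffixed + [bare]
    return [bare] + suffixed


def lookup(qname: str, zone: dict[str, str] = ZONE) -> str | None:
    """Answer `qname` (absolute) from `zone` using RFC 4592 wildcard rules.

    Returns the A record data or None for NXDOMAIN. Names outside the
    zone are treated as NXDOMAIN here, a simplification of "ask upstream".
    """
    qname = qname.lower()
    if not qname.endswith(ZONE_APEX):
        return None
    if qname in zone:
        return zone[qname]            # exact match wins over any wildcard
    # Every owner name and every ancestor of one (down to the apex) is an
    # existing node; empty non-terminals count.
    existing = {ZONE_APEX}
    for owner in zone:
        labels = owner.split(".")
        for i in range(len(labels)):
            suffix = ".".join(labels[i:])
            if suffix.endswith(ZONE_APEX):
                existing.add(suffix)
    # Closest encloser: the longest existing proper ancestor of qname.
    ancestors = [e for e in existing if qname.endswith("." + e)]
    if not ancestors:
        return None
    closest = max(ancestors, key=len)
    # The wildcard only applies if it hangs directly off the closest
    # encloser; a wildcard at the apex does not cover names below an
    # existing node such as www.robertfoss.se.
    return zone.get("*." + closest)


def resolve(name: str, search: list[str], ndots: int = 1) -> tuple[str, str] | None:
    """Run the search list against the zone; return (fqdn, ip) of the first hit."""
    for candidate in search_candidates(name, search, ndots):
        ip = lookup(candidate)
        if ip is not None:
            return candidate, ip
    return None


if __name__ == "__main__":
    # With the DHCP-supplied domain in the search list, any junk name
    # gets an answer from the wildcard; without it, the same query fails.
    print(resolve("not.a.valid.query", ["robertfoss.se"]))   # wildcard hit
    print(resolve("not.a.valid.query", []))                  # NXDOMAIN
    print(resolve("not.a.valid.query.", ["robertfoss.se"]))  # absolute: NXDOMAIN
    print(lookup("foo.www.robertfoss.se."))                  # below www: NXDOMAIN
```

To confirm which of the two is at work on a real host, repeat the query with a trailing dot (nslookup not.a.valid.query.) so the search list is never applied, or use dig, which does not consult the search list unless given +search; if the random name still answers, the wildcard on the authoritative side is the cause and the only full fix is to remove that record at the DNS host or pick a DHCP domain-name that carries no wildcard.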

The problem is that queries that aren't related to me or valid, such as "a bad query", are returned as a.bad.query.robertfoss.se. Why is that? I've updated the question with some new findings. – Robert Foss – 2011-05-05T06:58:55.403

Updated based on the new information. dnsmasq is much easier to use as a caching name server, and it has a DHCP server built in that will serve client hostnames automatically. – h0tw1r3 – 2011-05-07T07:51:00.633

You have a domain option, which means each time you query a name, you will first try to resolve name.robertfoss.se. As there is a wildcard entry in robertfoss.se, there will always be an answer. – slubman – 2011-05-07T07:52:07.280