Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1055632: bind9: needs restarting daily to resolve www.dumbingofage.com
6 views
Skip to first unread message
Matthew Vernon
Nov 9, 2023, 4:40:05 AM11/9/23
to
Package: bind9
Version: 1:9.18.19-1~deb12u1
Severity: normal
Hi,
This is a weird one, but it's been happening daily for a few days now,
so I figured it was worth reporting.
For the last few days, if I try and visit
https://www.dumbingofage.com/
Firefox can't resolve the hostname, similarly on the CLI:
matthew@aragorn:~$ host www.dumbingofage.com
Host www.dumbingofage.com not found: 2(SERVFAIL)
AFAICT the NSs work - I can do both
dig @23.226.68.75 www.dumbingofage.com
and
dig @23.226.68.76 www.dumbingofage.com
And get a sensible answer back.
If I restart bind9 then I am able to resolve the hostname fine, only for
the same problem to recur the following day.
So _something_ is getting confused, and I'm pretty sure it's bind :)
Regards,
Matthew
-- System Information:
Debian Release: 12.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-13-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
Versions of packages bind9 depends on:
ii adduser 3.134
ii bind9-libs 1:9.18.19-1~deb12u1
ii bind9-utils 1:9.18.19-1~deb12u1
ii debconf [debconf-2.0] 1.5.82
ii dns-root-data 2023010101
ii init-system-helpers 1.65.2
ii iproute2 6.1.0-3
ii libc6 2.36-9+deb12u3
ii libcap2 1:2.66-4
ii libelogind0 [libsystemd0] 246.10-1debian1
ii libfstrm0 0.6.1-1
ii libjson-c5 0.16-2
ii liblmdb0 0.9.24-1
ii libmaxminddb0 1.7.1-1
ii libnghttp2-14 1.52.0-1
ii libprotobuf-c1 1.4.1-1+b1
ii libssl3 3.0.11-1~deb12u2
ii libuv1 1.44.2-1
ii libxml2 2.9.14+dfsg-1.3~deb12u1
ii lsb-base 11.6
ii netbase 6.4
ii sysvinit-utils [lsb-base] 3.06-4
ii zlib1g 1:1.2.13.dfsg-1
bind9 recommends no packages.
Versions of packages bind9 suggests:
pn bind-doc <none>
ii bind9-dnsutils [dnsutils] 1:9.18.19-1~deb12u1
ii dnsutils 1:9.18.19-1~deb12u1
pn resolvconf <none>
pn ufw <none>
-- Configuration Files:
/etc/bind/db.127 changed:
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ns.empire.pick.ucam.org. hostmaster.pick.ucam.org. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
1.0.0 IN PTR localhost.
/etc/bind/named.conf changed:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind/README.Debian for information on the
// structure of BIND configuration files in Debian for BIND versions 8.2.1
// and later, *BEFORE* you customize this configuration file.
//
options {
directory "/var/cache/bind";
check-names master warn;
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// query-source address * port 53;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
//can't use this, since it would break the reverse zones we secondary
//forwarders {
//212.23.8.1; 212.23.8.6;
//};
};
// reduce log verbosity on issues outside our control
logging {
category lame-servers { null; };
// category cname { null; };
};
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
// add entries for other zones below here
zone "empire.pick.ucam.org" {
type master;
file "/etc/bind/db.empire";
};
zone "22.16.172.in-addr.arpa" {
type master;
file "/etc/bind/db.172.16.22";
};
zone "23.16.172.in-addr.arpa" {
type master;
file "/etc/bind/db.172.16.23";
};
// real IP address for the house network with A&A
//zone "160-167.100.2.81.in-addr.arpa" {
// type master;
// file "/etc/bind/db.81.2.100.160-167";
//};
// WAN IP address for the ADSL router with A&A
//zone "225.93.2.81.in-addr.arpa" {
// type master;
// file "/etc/bind/db.81.2.93.225";
//};
zone "easel.vpn.ucam.org" {
type master;
file "/etc/bind/db.easel";
};
zone "principate.org" { type slave; masters { 212.13.197.229; 93.93.128.67; 45.33.127.156; }; file "slave/principate.org"; };
zone "principate.org.uk" {type slave; masters { 212.13.197.229; 93.93.128.67; 45.33.127.156; }; file "slave/principate.org.uk"; };
zone "168.192.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/168.192.in-addr.arpa"; };
zone "16.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/16.172.in-addr.arpa"; };
zone "17.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/17.172.in-addr.arpa"; };
zone "18.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/18.172.in-addr.arpa"; };
zone "19.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/19.172.in-addr.arpa"; };
zone "20.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/20.172.in-addr.arpa"; };
zone "21.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/21.172.in-addr.arpa"; };
zone "22.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/22.172.in-addr.arpa"; };
zone "23.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/23.172.in-addr.arpa"; };
zone "24.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/24.172.in-addr.arpa"; };
zone "25.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/25.172.in-addr.arpa"; };
zone "26.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/26.172.in-addr.arpa"; };
zone "27.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/27.172.in-addr.arpa"; };
zone "28.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/28.172.in-addr.arpa"; };
zone "29.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/29.172.in-addr.arpa"; };
zone "30.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/30.172.in-addr.arpa"; };
zone "31.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/31.172.in-addr.arpa"; };
//zone "cam.ac.uk" {type slave; masters { 131.111.8.37; 131.111.12.37; }; file "slave/cam.ac.uk"; };
zone "ucam.org" {type slave; masters { 212.13.197.229; }; file "slave/ucam.org"; };
//zone "greenend.empire.pick.ucam.org" {type slave; masters { 192.168.73.1; }; file "slave/greenend.empire.pick.ucam.org"; };
-- debconf information:
bind9/start-as-user: bind
bind9/different-configuration-file:
bind9/run-resolvconf: true
Version: 1:9.18.19-1~deb12u1
Severity: normal
Hi,
This is a weird one, but it's been happening daily for a few days now,
so I figured it was worth reporting.
For the last few days, if I try and visit
https://www.dumbingofage.com/
Firefox can't resolve the hostname, similarly on the CLI:
matthew@aragorn:~$ host www.dumbingofage.com
Host www.dumbingofage.com not found: 2(SERVFAIL)
AFAICT the NSs work - I can do both
dig @23.226.68.75 www.dumbingofage.com
and
dig @23.226.68.76 www.dumbingofage.com
And get a sensible answer back.
If I restart bind9 then I am able to resolve the hostname fine, only for
the same problem to recur the following day.
So _something_ is getting confused, and I'm pretty sure it's bind :)
Regards,
Matthew
-- System Information:
Debian Release: 12.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-13-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
Versions of packages bind9 depends on:
ii adduser 3.134
ii bind9-libs 1:9.18.19-1~deb12u1
ii bind9-utils 1:9.18.19-1~deb12u1
ii debconf [debconf-2.0] 1.5.82
ii dns-root-data 2023010101
ii init-system-helpers 1.65.2
ii iproute2 6.1.0-3
ii libc6 2.36-9+deb12u3
ii libcap2 1:2.66-4
ii libelogind0 [libsystemd0] 246.10-1debian1
ii libfstrm0 0.6.1-1
ii libjson-c5 0.16-2
ii liblmdb0 0.9.24-1
ii libmaxminddb0 1.7.1-1
ii libnghttp2-14 1.52.0-1
ii libprotobuf-c1 1.4.1-1+b1
ii libssl3 3.0.11-1~deb12u2
ii libuv1 1.44.2-1
ii libxml2 2.9.14+dfsg-1.3~deb12u1
ii lsb-base 11.6
ii netbase 6.4
ii sysvinit-utils [lsb-base] 3.06-4
ii zlib1g 1:1.2.13.dfsg-1
bind9 recommends no packages.
Versions of packages bind9 suggests:
pn bind-doc <none>
ii bind9-dnsutils [dnsutils] 1:9.18.19-1~deb12u1
ii dnsutils 1:9.18.19-1~deb12u1
pn resolvconf <none>
pn ufw <none>
-- Configuration Files:
/etc/bind/db.127 changed:
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ns.empire.pick.ucam.org. hostmaster.pick.ucam.org. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
1.0.0 IN PTR localhost.
/etc/bind/named.conf changed:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind/README.Debian for information on the
// structure of BIND configuration files in Debian for BIND versions 8.2.1
// and later, *BEFORE* you customize this configuration file.
//
options {
directory "/var/cache/bind";
check-names master warn;
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// query-source address * port 53;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
//can't use this, since it would break the reverse zones we secondary
//forwarders {
//212.23.8.1; 212.23.8.6;
//};
};
// reduce log verbosity on issues outside our control
logging {
category lame-servers { null; };
// category cname { null; };
};
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
// add entries for other zones below here
zone "empire.pick.ucam.org" {
type master;
file "/etc/bind/db.empire";
};
zone "22.16.172.in-addr.arpa" {
type master;
file "/etc/bind/db.172.16.22";
};
zone "23.16.172.in-addr.arpa" {
type master;
file "/etc/bind/db.172.16.23";
};
// real IP address for the house network with A&A
//zone "160-167.100.2.81.in-addr.arpa" {
// type master;
// file "/etc/bind/db.81.2.100.160-167";
//};
// WAN IP address for the ADSL router with A&A
//zone "225.93.2.81.in-addr.arpa" {
// type master;
// file "/etc/bind/db.81.2.93.225";
//};
zone "easel.vpn.ucam.org" {
type master;
file "/etc/bind/db.easel";
};
zone "principate.org" { type slave; masters { 212.13.197.229; 93.93.128.67; 45.33.127.156; }; file "slave/principate.org"; };
zone "principate.org.uk" {type slave; masters { 212.13.197.229; 93.93.128.67; 45.33.127.156; }; file "slave/principate.org.uk"; };
zone "168.192.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/168.192.in-addr.arpa"; };
zone "16.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/16.172.in-addr.arpa"; };
zone "17.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/17.172.in-addr.arpa"; };
zone "18.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/18.172.in-addr.arpa"; };
zone "19.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/19.172.in-addr.arpa"; };
zone "20.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/20.172.in-addr.arpa"; };
zone "21.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/21.172.in-addr.arpa"; };
zone "22.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/22.172.in-addr.arpa"; };
zone "23.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/23.172.in-addr.arpa"; };
zone "24.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/24.172.in-addr.arpa"; };
zone "25.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/25.172.in-addr.arpa"; };
zone "26.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/26.172.in-addr.arpa"; };
zone "27.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/27.172.in-addr.arpa"; };
zone "28.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/28.172.in-addr.arpa"; };
zone "29.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/29.172.in-addr.arpa"; };
zone "30.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/30.172.in-addr.arpa"; };
zone "31.172.in-addr.arpa" { type slave; masters { 172.31.80.8; }; file "slave/31.172.in-addr.arpa"; };
//zone "cam.ac.uk" {type slave; masters { 131.111.8.37; 131.111.12.37; }; file "slave/cam.ac.uk"; };
zone "ucam.org" {type slave; masters { 212.13.197.229; }; file "slave/ucam.org"; };
//zone "greenend.empire.pick.ucam.org" {type slave; masters { 192.168.73.1; }; file "slave/greenend.empire.pick.ucam.org"; };
-- debconf information:
bind9/start-as-user: bind
bind9/different-configuration-file:
bind9/run-resolvconf: true
0 new messages