
I'm trying to set up a small, private DNS server. I'm using Bind9, systemd-resolved and netplan for managing the network. I've specified the DNS server in both the netplan configuration and /etc/systemd/resolved.conf, and I've also specified the domain name in /etc/systemd/resolved.conf. Reverse DNS queries work just fine, but for some reason forward queries only work if I specify the DNS server, i.e. nslookup vm.example.com 192.168.1.1 works but nslookup vm.example.com leads to

Server:         127.0.0.53
Address:        127.0.0.53#53

** server can't find vm.example.com: NXDOMAIN

I've tried to change the options and configuration files etc. a million times, I don't know what to do anymore.

This is the resolvectl status output:

Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub
Current DNS Server: 192.168.1.1
        DNS Servers 192.168.1.1
         DNS Domain example.com

Link 2 (enp0s3)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.0.2.3
       DNS Servers: 10.0.2.3
        DNS Domain: other.com

Link 3 (enp0s8)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.1
       DNS Servers: 192.168.1.1

My zone definition in named.conf.local looks like this:

zone "example.com" {
        type primary;
        file "/etc/bind/db.example.com";
};

The zone file:

;
; BIND data file for example.com
;
$ORIGIN example.com.
$TTL    86400
@               IN      SOA     ns1.example.com. hostmaster.example.com. (
                                     24         ; Serial
                                  21600         ; Refresh
                                   3600         ; Retry
                                 604800         ; Expire
                                  86400 )       ; Negative Cache TTL

@               IN      NS      ns1
ns1             IN      A       192.168.1.1

vm              IN      A       192.168.8.5

File permissions are 644, owner root:bind.

This is /etc/hosts on the DNS server:

127.0.0.1 localhost
192.168.1.1 ns1.example.com ns1

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

This is named.conf.options:

acl "trusted" {
    127.0.0.1;
    192.168.0.0/16;
};

options {
        directory "/var/cache/bind";

        allow-query { "trusted"; };

        dnssec-validation no;

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders { <there's an ip address here>; };

        forward only;

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================


        listen-on { any; };
        listen-on-v6 {};
};

There are no currently active firewalls.

2 Answers


None of your network connections show ~. (default search domain) in the DNS Domain. You'd want to configure that. For example, I use systemd-networkd and have the eth configured like this:

# cat /etc/systemd/network/20-wired.network 
[Match]
Name=eth*

[Network]
DHCP=yes
Domains=my.internal.domain ~.
  • I did what you told me to, Name=eps0* and Domains=example.com ~. in my case, then restarted systemd-networkd but nothing has changed
    – sysad noob
    Nov 16 at 9:57

Alright, I found a solution. I had specified the DNS server and domain in /etc/systemd/resolved.conf but for whatever reason, that wasn't sufficient. Whenever /etc/resolv.conf got refreshed, only "nameserver" and "search" were generated correctly while "domain" was left out entirely. So, I removed the symlink from resolv.conf and hard coded nameserver, search and domain in /etc/resolv.conf. Now it works splendidly! :)

  • Yeah, that basically avoids going through systemd-resolved entirely - if I understand correctly you put the nameserver directly into resolv.conf. If going through systemd-resolved, then that needs to be configured correctly and somehow none of your connections show a default nameserver in resolvectl (would have ~. in DNS Domain)
    – neingeist
    Nov 20 at 14:00
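Both the first answer and the last comment hinge on whether any scope in resolvectl status carries the "~." routing domain. The check below is an added example, not code from either answerer: it parses resolvectl status output from stdin and reports which scopes have "~.", using constructed samples shaped like the output in the question (the link name enp0s8 in the resolvectl domain comment is assumed from the question).

```shell
#!/bin/sh
# Added diagnostic, not part of the original question or answers.
# Reads `resolvectl status` output on stdin and reports every scope (Global or
# a Link) whose "DNS Domain" line carries "~.", the routing-only domain that
# makes that scope the default destination for names outside any search domain.
# Exit status: 0 if at least one scope has "~.", 1 if none does.
has_default_route_domain() {
    awk '
        /^Global/ || /^Link [0-9]+/ { scope = $0 }
        /DNS Domain/ {
            for (i = 1; i <= NF; i++)
                if ($i == "~.") { print "default route in scope: " scope; found = 1 }
        }
        END { exit found ? 0 : 1 }
    '
}

# Constructed sample, shaped like the status output in the question (no "~.").
SAMPLE_QUESTION='Global
         DNS Domain example.com

Link 3 (enp0s8)
        DNS Domain: other.com'

# Constructed sample after adding Domains=example.com ~. to the link config.
SAMPLE_FIXED='Link 3 (enp0s8)
        DNS Domain: example.com ~.'

# Runtime equivalent of the Domains= line in the first answer, applied to the
# link from the question (assumed to be enp0s8) without editing any file:
#   resolvectl domain enp0s8 example.com '~.'

if printf '%s\n' "$SAMPLE_QUESTION" | has_default_route_domain; then
    echo "question sample: a scope already carries ~."
else
    echo "question sample: no scope carries ~."
fi
printf '%s\n' "$SAMPLE_FIXED" | has_default_route_domain
```

Pipe the real output in with `resolvectl status | has_default_route_domain` to run the same check on a live host.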
