FS#858 - Installing bind / named will cause resolving names failure due to race condition with network #5796

Open
openwrt-bot opened this issue Jun 20, 2017 · 1 comment

@openwrt-bot openwrt-bot commented Jun 20, 2017

helgadeville:

Device TP-LINK MR-3220 v2.1 and 2.3 and 2.4 tested, LEDE 17.01.1 version.

After installing bind-server, setting "option port '0'" for dnsmasq (to disable DNS configuration) and using the provided named.conf file (below), resolution of domain names to IP addresses breaks down.

I was able to track down the problem. There is a race condition in bringing interfaces up, starting the ntpd service and the named service, resulting in:

  • named service being unable to open sockets and/or
  • ntpd service being unable to connect to ntp pool and set router time correctly and/or
  • incorrect time setting causes dnssec of named to reject proper answers for dns resolving.

With no named installed, the dnsmasq itself often starts too early, but this is masked by it being reinitialized on the lan interface up event.

This is a known openwrt problem, the workaround is described here: https://dev.openwrt.org/ticket/19427
and involves creating a "netwait" service. I have tested this workaround and confirmed it works, however it is not nice.

Here is my named.conf:

```
// This is the primary configuration file for the BIND DNS server named.

acl locals {
    localhost;
    10.10.10/24;
};

options {
    directory "/tmp";

    forwarders {
        8.8.8.8;
        8.8.4.4;
    };

    recursion yes;
    allow-query { locals; };

    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { none; };
    listen-on { 127.0.0.1; 10.10.10.10; };
};

// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};
```
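The start-up conditions described in the report, written as a check that can be run before starting named (an added example, not part of the original issue, the linked netwait workaround, or OpenWrt's init scripts): the listen-on address must already be assigned, and the clock must be plausible because DNSSEC signatures carry validity times. The function names, `MIN_EPOCH` and the sample `ip -4 -o addr show` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Pre-start gate for named: report which start-up condition is still missing.

LISTEN_ADDR="10.10.10.10"   # from listen-on in the posted named.conf
MIN_EPOCH=1497916800        # 2017-06-20 00:00:00 UTC, constructed lower bound

# Constructed samples in the format printed by `ip -4 -o addr show`.
SAMPLE_EARLY='1: lo    inet 127.0.0.1/8 scope host lo'
SAMPLE_UP='1: lo    inet 127.0.0.1/8 scope host lo
3: br-lan    inet 10.10.10.10/24 brd 10.10.10.255 scope global br-lan'

# addr_present ADDR TEXT: succeed only if ADDR is assigned exactly
# (10.10.10.100 must not satisfy a check for 10.10.10.10).
addr_present() {
    printf '%s\n' "$2" | awk -v a="$1" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") {
                  split($(i + 1), p, "/")
                  if (p[1] == a) found = 1
              } }
        END { exit found ? 0 : 1 }'
}

# clock_plausible NOW MIN: succeed if the clock is at or past MIN.
# A clock before MIN means ntpd has not set the time yet, so signature
# validity times would be compared against a wrong "now".
clock_plausible() {
    [ "$1" -ge "$2" ]
}

# named_gate NOW IPTEXT: print "ready" (status 0) or the missing
# condition (status 1: address not assigned, status 2: clock not set).
named_gate() {
    if ! addr_present "$LISTEN_ADDR" "$2"; then
        echo "wait: $LISTEN_ADDR not assigned"
        return 1
    fi
    if ! clock_plausible "$1" "$MIN_EPOCH"; then
        echo "wait: clock not set"
        return 2
    fi
    echo "ready"
}

# Live use on the router (assumes `ip` and `date +%s` are available):
#   named_gate "$(date +%s)" "$(ip -4 -o addr show)"
```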


@openwrt-bot openwrt-bot commented Jun 20, 2017

helgadeville:

"Reported version" should be set to 17.01, sorry I forgot that.
