Hi, I have a domain name registered, which points to my WAN/gateway IP, and use it to access my email server running on Ubuntu 18.04 when away from home. I also have BIND running on the server for resolving local DNS requests. So if I am at home mydomain.nz resolves to 10.0.0.5. This all worked fine under Ubuntu 14.04; I upgraded the server to Ubuntu 18.04 and now it will resolve mydomain.nz to 10.0.0.5 for 15 to 30 minutes, then it resolves it to my WAN/gateway IP address, which then stops my email app etc. from accessing the email server inside the house, unless I use 10.0.0.5 in the browser or apps.

named.config.local:

Code:
zone "mydomain.nz" {
    type master;
    allow-transfer {none;};
    file "/etc/bind/pri.domain.nz";
};

pri.mydomain.nz:

Code:
$TTL 3600
@   IN  SOA ns1.mydomain.nz. webmaster.mydomain.nz. (
        2019110511  ; serial, todays date + todays serial #
        7200        ; refresh, seconds
        540         ; retry, seconds
        604800      ; expire, seconds
        3600 )      ; minimum, seconds
;
dav             3600    A   10.0.0.5
mydomain.nz.    3600    A   10.0.0.5
mail            3600    A   10.0.0.5
mx1             3600    A   10.0.0.5
ns1             3600    A   10.0.0.5
www             3600    A   10.0.0.5
mydomain.nz.    3600    MX  10 mx1.mydomain.nz.
mydomain.nz.    3600    NS  ns1.mydomain.nz.
mydomain.nz.    3600    TXT "v=spf1 mx a ~all"

systemd-resolve --status output:

Code:
.....
DNS Servers: 127.0.0.1
             10.0.0.5
             8.8.8.8
             8.8.4.4

dig mydomain.nz:

Code:
; <<>> DiG 9.11.3-1ubuntu1.9-Ubuntu <<>> mydomain.nz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53124
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;mydomain.nz.                   IN      A

;; ANSWER SECTION:
mydomain.nz.            3407    IN      A       125.XXX.XXX.XX

;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Nov 06 09:57:42 NZDT 2019
;; MSG SIZE  rcvd: 60

dig @10.0.0.5 mydomain.nz:

Code:
; <<>> DiG 9.11.3-1ubuntu1.9-Ubuntu <<>> @10.0.0.5 mydomain.nz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52588
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mydomain.nz.                   IN      A

;; ANSWER SECTION:
mydomain.nz.            3600    IN      A       10.0.0.5

;; AUTHORITY SECTION:
mydomain.nz.            3600    IN      NS      ns1.mydomain.nz.

;; ADDITIONAL SECTION:
ns1.mydomain.nz.        3600    IN      A       10.0.0.5

;; Query time: 0 msec
;; SERVER: 10.0.0.5#53(10.0.0.5)
;; WHEN: Wed Nov 06 09:59:12 NZDT 2019
;; MSG SIZE  rcvd: 94

Netplan settings (/etc/netplan/50-cloud-init.yaml):

Code:
network:
    ethernets:
        enp5s0:
            dhcp4: no
            dhcp6: no
            addresses: [10.0.0.6/24, ]
            gateway4: 10.0.0.1
            nameservers:
                addresses: [127.0.0.1, 10.0.0.5, 8.8.8.8, 8.8.4.4]
    version: 2

Is there any way to stop BIND from using external DNS servers (8.8.8.8/8.8.4.4) for resolving internal DNS requests?

thanks Dave
Yes. I believe you have correctly diagnosed the problem. This shows the host uses four name servers. I think all the other stuff you posted is just extra things to read, not useful to solving your problem. Read the docs for your OS on how to set what name servers it uses, and remove the extra. Try Internet Search Engines with

Code:
ubuntu systemctl name servers
Hi Taleman. I understand that I have Google name servers, as I need an external DNS server for external domains to be able to send emails, and those external queries are cached. What I don't understand is why BIND is using Google name servers when my server is the authoritative DNS for mydomain.nz? Why did this not happen in Ubuntu 14.04? Why does it work as I expect for a while, then start using external servers? Server load is averaging 0.7%, as I am using it only for testing at this stage. By having the following, doesn't it mean that my DNS server is the authoritative DNS server for mydomain.nz and shouldn't be looking up external DNS servers to resolve?

named.config.local:

Code:
zone "mydomain.nz" {
    type master;
    allow-transfer {none;};
    file "/etc/bind/pri.domain.nz";
};

I have searched Google, used "bind dns authoritative for localdomain" and what you put above as my search, and read the BIND documentation, which leads me to believe I have set everything up correctly, and that TYPE MASTER; in the zone file means that my DNS server should be queried first to try to resolve the DNS query, and if that query isn't resolved it goes through the list of DNS servers and tries them in the order they are listed, e.g. in my case tries 127.0.0.1, then 10.0.0.5, then 8.8.8.8 and finally 8.8.4.4 until it resolves the query.

thanks Dave
Bind uses the name servers it is configured to use. Your host cannot know which name server is authoritative for a given domain before it queries name service and gets that info. So it cannot send the query to the authoritative name server, and name service is not meant to work so that queries are only sent to the authoritative name server. Your host picks one name server from the list it is given, and sends the query there. If it picks those Google name servers, they answer with the external IP-number of your domain. If it picks your internal name server, that answers with the internal IP-number. I still say that to make your host work the way you want, remove 8.8.8.8 and 8.8.4.4 from your host's configured name server list.
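The behaviour described above (the same name answered differently depending on which configured resolver happens to be asked) is easy to confirm from dig output: the answer from the stub resolver lacks the aa flag and carries a TTL below the zone's 3600, so it came from a cache, while the answer from 10.0.0.5 is authoritative. The following script is an added example written for this thread, not code from either poster; it parses two constructed dig transcripts modelled on the ones in the first post (203.0.113.10 stands in for the poster's redacted WAN address) and reports the inconsistency. Pointing the same parser at live dig output for each server in systemd-resolve --status gives a quick check that a split-horizon setup is consistent after a change.

```python
"""Compare A-record answers for one name across several resolvers by parsing
`dig` output. Sample transcripts below are CONSTRUCTED (not captured) and
mirror the thread: the stub resolver at 127.0.0.53 returns a cached public
address, the local BIND at 10.0.0.5 returns the authoritative LAN address."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: non-authoritative, cached answer (TTL already counted down).
STUB_DIG = """\
; <<>> DiG 9.11.3-1ubuntu1.9-Ubuntu <<>> mydomain.nz
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53124
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mydomain.nz.            IN  A

;; ANSWER SECTION:
mydomain.nz.    3407    IN  A   203.0.113.10

;; SERVER: 127.0.0.53#53(127.0.0.53)
"""

# Constructed sample: authoritative answer straight from the zone file.
BIND_DIG = """\
; <<>> DiG 9.11.3-1ubuntu1.9-Ubuntu <<>> @10.0.0.5 mydomain.nz
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52588
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; QUESTION SECTION:
;mydomain.nz.            IN  A

;; ANSWER SECTION:
mydomain.nz.    3600    IN  A   10.0.0.5

;; AUTHORITY SECTION:
mydomain.nz.    3600    IN  NS  ns1.mydomain.nz.

;; ADDITIONAL SECTION:
ns1.mydomain.nz.    3600    IN  A   10.0.0.5

;; SERVER: 10.0.0.5#53(10.0.0.5)
"""

@dataclass(frozen=True)
class DigResult:
    server: str              # resolver that answered, from the ';; SERVER:' line
    authoritative: bool      # True when the 'aa' flag is present in the header
    answers: frozenset       # {(owner, rtype, rdata)} from the ANSWER SECTION only
    min_ttl: Optional[int]   # smallest answer TTL; below the zone TTL means cached

FLAGS_RE = re.compile(r";; flags: ([^;]*);")
SERVER_RE = re.compile(r";; SERVER: ([^#\s]+)#")
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA|CNAME|MX|NS|TXT)\s+(.+?)\s*$")

def parse_dig(text: str) -> DigResult:
    """Extract server, aa flag and the answer-section records from one dig run."""
    flags_m = FLAGS_RE.search(text)
    flags = flags_m.group(1).split() if flags_m else []
    server_m = SERVER_RE.search(text)
    server = server_m.group(1) if server_m else "unknown"
    answers, ttls, in_answer = set(), [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if line.startswith(";;"):        # any other ';;' line ends the answer section
            in_answer = False
        if in_answer:
            m = RR_RE.match(line)
            if m:
                owner, ttl, rtype, rdata = m.groups()
                answers.add((owner, rtype, rdata))
                ttls.append(int(ttl))
    return DigResult(server, "aa" in flags, frozenset(answers), min(ttls) if ttls else None)

def split_horizon_report(results: List[DigResult], zone_ttl: int) -> List[str]:
    """Findings: answer sets that differ between resolvers, and non-authoritative
    answers whose TTL shows they were served from a cache rather than the zone."""
    findings = []
    by_server = {r.server: r.answers for r in results}
    if len(set(by_server.values())) > 1:
        detail = "; ".join(f"{s} -> {sorted(a)}" for s, a in by_server.items())
        findings.append("inconsistent answers across resolvers: " + detail)
    for r in results:
        if not r.authoritative and r.min_ttl is not None and r.min_ttl < zone_ttl:
            findings.append(f"{r.server}: non-authoritative cached answer (TTL {r.min_ttl} < {zone_ttl})")
    return findings

if __name__ == "__main__":
    for finding in split_horizon_report([parse_dig(STUB_DIG), parse_dig(BIND_DIG)], zone_ttl=3600):
        print(finding)
```

Only the ANSWER SECTION is compared; the AUTHORITY and ADDITIONAL records that the authoritative server adds are deliberately ignored so that a cached answer and a direct answer for the same name compare equal when the data agrees.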
Taleman - thanks for your replies and help. An update after playing around and testing for the past 2 days... I have removed the Google DNS servers from my netplan config file. I have then added them to my BIND options file instead, as below:

/etc/netplan/50-cloud-init.yaml

Code:
network:
    ethernets:
        enp5s0:
            dhcp4: no
            dhcp6: no
            addresses: [10.0.0.6/24, ]
            gateway4: 10.0.0.1
            nameservers:
                addresses: [127.0.0.1, 10.0.0.5]
    version: 2

/etc/bind/named.conf.options

Code:
acl "trusted" {
    # ns1 - can be set to localhost
    127.0.0.1;
    10.0.0.5;
};

options {
    directory "/var/cache/bind";
    recursion yes;                  # enables recursive queries
    allow-recursion { trusted; };   # allows recursive queries from "trusted" clients
    listen-on { 10.0.0.5; };        # ns1 private IP address - listen on private network only
    allow-transfer { none; };       # disable zone transfers by default
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
};

What BIND appears to be doing in Ubuntu 18.04 is randomly picking a DNS server from the list of name servers to resolve domain names, even if that domain is listed as being authoritative on my DNS server. So to fix this I have had to put forwarders in the named.conf.options file, telling BIND to go and look at external DNS servers if it can't find the domain name listed in its BIND tables or cached locally.
That is what it is designed to do, and all name server software should work in the same way. That is not necessary; you can try by removing the forwarders definition, and things should still work the same. What the forwarders option does is make bind use those name servers first when it does not know the answer. The intended purpose is to put the fastest name servers there, so answers are received fast. I put my Internet Service Provider's name servers as forwarders; they usually are the fastest to answer simply because they are the closest in network topology. Google does have good name servers, but if they are on the next continent, getting the answer from them takes longer than querying some close-by name server. So things are now working OK, at least as far as name service goes?