maas-dhcpd is not on because bind9 127.0.0.1#954: connection refused

Does anyone know how to resolve this issue?

Service 'maas-dhcpd' is not on, it will be started. Service 'bind9' failed to start. Its current state is 'dead' and 'Result: exit-code'. Reloading BIND failed (is it running?): Command `rndc -c /etc/bind/maas/rndc.conf.maas reload` returned non-zero exit status 1:#012rndc: connect failed: 127.0.0.1#954: connection refused 

I have 2 subnets, one bridge and one local network, with 3 interfaces (eth0, eth1, br1). My network interfaces:

    source /etc/network/interfaces.d/*

    # The loopback network interface
    auto lo
    iface lo inet loopback
        dns-nameservers x.x.1.1
        dns-search maas

    # The primary network interface
    auto eth0
    iface eth0 inet static
        address x.x.1.2
        netmask 255.255.255.0
        gateway x.x.1.1
        dns-nameservers x.x.1.1 8.8.8.8 8.8.4.4
        mtu 1500

    auto eth1
    iface eth1 inet manual
        mtu 1500

    auto br1
    iface br1 inet static
        address x.x.30.1
        netmask 255.255.255.0
        bridge_ports eth1
        bridge_stp off
        bridge_fd 0
        bridge_maxwait 0

Maas subnet configuration from UI: Managed allocation is disabled for below:

    Name:       x.x.1.0/24
    CIDR:       x.x.1.0/24
    Gateway IP: x.x.1.2
    DNS:        172.16.1.1

Managed allocation is enabled for below:

    Name:       x.x.30.0/24
    CIDR:       x.x.30.0/24
    Gateway IP: x.x.30.1
    DNS:        x.x.1.1

Running sudo rndc -c /etc/bind/maas/rndc.conf.maas reload ends up with:

rndc: connect failed: 127.0.0.1#954: connection refused 

I’m not sure what I am missing; this MaaS version is 2.5.

Additional note: while I was investigating, I noticed that there are duplicated entries in named.conf.maas. If I fix the duplicate manually, it is autogenerated again and I am back to the same issue.

/etc/bind/maas/named.conf.maas:92: zone 'x.y.z.in-addr.arpa': already exists previous definition: /etc/bind/maas/named.conf.maas:56 

The above issue is related to https://discourse.maas.io/t/facing-old-bug-lp-1683047-with-maas-2-5-stable-bind9-fails-to-start-duplicated-entry/314
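As an added example (not from the post or from MaaS), a small Python scan that reports duplicated zone statements in a named.conf fragment in the same form as named's "already exists / previous definition" message; the fragment is constructed to mirror the duplicated reverse zone described above. named-checkconf performs this check natively; the script only makes the message easier to understand.

```python
import re

# Constructed named.conf fragment: the same reverse zone is defined twice,
# as the post describes for the autogenerated named.conf.maas.
NAMED_CONF_MAAS = """\
zone "maas" {
    type master;
    file "/etc/bind/maas/zone.maas";
};
zone "1.x.x.in-addr.arpa" {
    type master;
    file "/etc/bind/maas/zone.1.x.x.in-addr.arpa";
};
zone "1.x.x.in-addr.arpa" {
    type master;
    file "/etc/bind/maas/zone.1.x.x.in-addr.arpa";
};
"""

# Matches the opening line of a zone statement and captures the quoted zone name.
ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"', re.IGNORECASE)


def find_duplicate_zones(conf_text):
    """Return (zone, first_line, duplicate_line) for every zone defined more than once.

    DNS names are case-insensitive and the trailing dot is optional, so names
    are compared lower-cased and without a trailing dot.
    """
    first_seen = {}
    duplicates = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        m = ZONE_RE.match(line)
        if not m:
            continue
        zone = m.group(1).rstrip(".").lower()
        if zone in first_seen:
            duplicates.append((zone, first_seen[zone], lineno))
        else:
            first_seen[zone] = lineno
    return duplicates


def report(conf_text, path="named.conf.maas"):
    """Format findings the way named prints them: path:line: zone 'x': already exists ..."""
    return [f"{path}:{dup}: zone '{zone}': already exists previous definition: {path}:{first}"
            for zone, first, dup in find_duplicate_zones(conf_text)]
```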

Setting up a private root DNS server using BIND9

I’m implementing a full DNS hierarchy using BIND9 and Raspberry Pis. I have set up a private authoritative name server, a TLD name server and a resolver. I’m trying to set up a root server and need the resolver to get redirected from root->TLD->Authoritative NS.

I updated the root hints file (“db.root” on the resolver) to hold the private IP address of the new root.

    .       36000 IN NS ROOT.
    ROOT.   36000 IN A  192.168.0.109

When I use the resolver to perform a “dig +trace”, I receive NS ROOT. in the authority section, but the additional section does not contain its IP. Dig gives the following error:

couldn't get address for 'ROOT': not found 

I think I’m facing the same problem being redirected from my TLD NS as well, but I guess fixing this would also fix that.

Are there any special settings related to the configuration or DNSSEC that are preventing me from implementing a private DNS tree?

Bind9 DNS reverse lookup fails for no reason

Okay, so I have a problem: my reverse lookup fails on my bind9 DNS.

    # nslookup 192.168.1.6
    Server:     127.0.1.1
    Address:    127.0.1.1#53

    ** server can't find 6.1.168.192.in-addr.arpa: NXDOMAIN

    # nano /var/named/6.zone
    $TTL 86400
    @ IN SOA localhost (
            991079290 ; serial
            28800     ; refresh
            14400     ; retry
            3600000   ; expire
            86400     ; default_ttl
            )
      IN NS localhost.
    6.1 IN PTR localhost. ; 192.168.1.6

    # nano /etc/bind/named.conf.local
    zone "6.1.168.192.in-addr.arpa" {
        type master;
        file "/var/named/6.zone"
        allow-update { key rndc-key; };
    };

    # /etc/bind/named.conf
    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";
    include "/etc/bind/named.conf.default-zones";

As I see it, everything looks fine. What could cause the problem?

Keeping DNSSEC KSKs offline with BIND9

I am looking to move the private part of the KSK for my domains off my main nameserver. I’ve tried this with a test domain and get errors like this:

dns_dnssec_keylistfromrdataset: error reading /etc/bind/keys/example.com/Kexample.com.+999+99999.private: file not found ... dns_dnssec_findzonekeys2: error reading /etc/bind/keys/example.com/Kexample.com.+999+99999.private: file not found 

This guide recommends keeping the private KSKs offline without much further comment so I’m guessing it’s ok to ignore these warnings? The zone continues to operate as expected and I can make changes fine (the errors just keep appearing).

If it is ok to ignore the warning, is there a way to disable it so the logs don’t get filled up?

create SRV record using bind9

I’m new to the Ubuntu bind9 DNS service.

In my zone file, which already exists in the company and works fine for CNAME records, I’m trying to set up an SRV record:

_http._tcp.jenkins-xxx IN SRV 10 10 8080 myjenkinsserver

I restarted the bind9 service. nslookup does not find the record for some reason…

I need to define the jenkins host to be accessed using a service record in the DNS.

I really went over lots of posts online about this before asking the question… Is it really not possible to set up an SRV record, only by using a reverse proxy?

ISC-DHCPD & BIND9: Dynamic DNS interaction

I am running isc-dhcpd-4.4.1 and BIND 9.11.6 servers on FreeBSD 11.2 for a small company.

DHCPD serves a number of Windows stations (assigning them mostly static IP addresses), several special-purpose devices (getting static public IP addresses – they must be available to our clients) and also different portable devices connecting to the network through WiFi (which get addresses from a predefined range 192.168.120.50-192.168.120.200). The dynamically assigned clients get registered by the BIND named and their names are available both for forward and reverse DNS resolution. As the lease time for portable devices is short, they are automatically removed from DNS whenever they cease communicating.

So far, this arrangement works perfectly.

Now my questions:

  1. Is it possible to force DNS registration/removal for some specific portable devices that are expected to get always the same (statically defined) address? If so, how to configure it?
  2. Some portable devices ask for a lease by host names that do not conform to standards (e.g., the hostname contains ‘_’), which results in DNS registration refusal. Is there any way to correct the registration names by a “filter” (e.g., a sed script)?
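For question 2 above, client host names containing an underscore being refused at registration: as an added example that is not from the post, a Python normalizer that maps a client-supplied host name onto the letter-digit-hyphen label form of RFC 1123 (the form BIND's default name checking accepts for host names). Where it would be wired into dhcpd (for instance a hook that runs on lease commit) is an assumption and is not shown.

```python
import re

# Constructed sample host names, including the underscore case from the post.
SAMPLE_HOSTNAMES = ["Johns_iPhone", "my laptop", "-printer-", "ok-host", "___", "a" * 70]

# One RFC 1123 host-name label: starts and ends with a letter or digit,
# hyphens allowed inside, at most 63 octets.
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def normalize_hostname(raw):
    """Map a client-supplied host name to one valid label, or None if nothing usable remains.

    Steps: lower-case; replace every character outside [a-z0-9-] with '-';
    collapse runs of '-'; strip leading/trailing '-'; truncate to 63 octets.
    """
    name = raw.lower()
    name = re.sub(r"[^a-z0-9-]", "-", name)
    name = re.sub(r"-{2,}", "-", name).strip("-")
    name = name[:63].rstrip("-")
    return name if LABEL_RE.match(name) else None


def ddns_name(raw, domain):
    """Fully qualified name to register for a client, or None if the host name is unusable."""
    label = normalize_hostname(raw)
    return f"{label}.{domain}." if label else None


def normalize_all(names, domain):
    """Apply ddns_name to a batch of client host names, keeping the raw name beside the result."""
    return [(raw, ddns_name(raw, domain)) for raw in names]
```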

BIND9 SERVFAIL using dig on UBUNTU server 18

I am setting up a nextcloud+onlyoffice server on ubuntu server 18 and a LAN DNS for my office to go with it. I’m not a real IT guy, but I follow tutorials and read forums. Also, being in China I don’t have google and most of my searches find irrelevant answers… I still saw many people had an error similar to mine, but no solution worked for me. I’m sure it’s a stupid obvious mistake, but since I’m not familiar with the BIND9 syntax, I just don’t see it… Here is my named.conf.local:

    zone "plateforme.local" IN {
        type master;
        file "/etc/bind/zones/db.plateforme.local";
        //allow-transfer{211.66.139.29;};
        allow-update { none; };
        allow-query { any; };
    };

    zone "139.66.211.in-addr-arpa" IN {
        type master;
        file "/etc/bind/zones/db.rev.plateforme.local";
        allow-update {none;};
    };

My db.plateforme.local:

    ;
    ; BIND data file for local loopback interface
    ;
    $TTL    604800
    @   IN  SOA ns.plateforme.local. root.plateforme.local. (
                          33    ; Serial
                      604800    ; Refresh
                       86400    ; Retry
                     2419200    ; Expire
                      604800 )  ; Negative Cache TTL
    ;
    ; name servers - NS info
            NS  ns.plateforme.local.

    ; name servers - address
    ns  IN  A   211.66.139.29

    ; name servers - A records
    nextcloud   IN  A   211.66.139.29
    onlyoffice  IN  A   211.66.139.29

Here is db.rev.plateforme.local:

    ;
    ; BIND reverse data file for local loopback interface
    ;
    $TTL    604800
    @   IN  SOA ns.plateforme.local. root.plateforme.local. (
                          17    ; Serial
                      604800    ; Refresh
                       86400    ; Retry
                     2419200    ; Expire
                      604800 )  ; Negative Cache TTL
    ;
    ; name servers - NS info
        IN  NS  ns.plateforme.local.
        IN  NS  localhost.

    ; name servers - address
    29  IN  NS  ns.plateforme.local.

    29  IN  PTR nextcloud.plateforme.
    29  IN  PTR onlyoffice.plateforme.local.

Here is the result of dig nextcloud.plateforme.local:

    nextcloud@nextcloud-server:/etc/bind/zones$ dig nextcloud.plateforme.local.

    ; <<>> DiG 9.11.4-3ubuntu5.1-Ubuntu <<>> nextcloud.plateforme.local.
    ;; global options: +cmd
    ;; Got answer:
    ;; WARNING: .local is reserved for Multicast DNS
    ;; You are currently testing what happens when an mDNS query is leaked to DNS
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42787
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 65494
    ;; QUESTION SECTION:
    ;nextcloud.plateforme.local.    IN  A

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.53#53(127.0.0.53)
    ;; WHEN: mar. mars 12 10:25:52 HKT 2019
    ;; MSG SIZE  rcvd: 55

And the reverse dig, dig -x 211.66.139.29, which surprisingly works:

    nextcloud@nextcloud-server:/etc/bind/zones$ dig -x 211.66.139.29

    ; <<>> DiG 9.11.4-3ubuntu5.1-Ubuntu <<>> -x 211.66.139.29
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63404
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 65494
    ;; QUESTION SECTION:
    ;29.139.66.211.in-addr.arpa.    IN  PTR

    ;; ANSWER SECTION:
    29.139.66.211.in-addr.arpa. 0   IN  PTR nextcloud-server.
    29.139.66.211.in-addr.arpa. 0   IN  PTR nextcloud-server.local.

    ;; Query time: 120 msec
    ;; SERVER: 127.0.0.53#53(127.0.0.53)
    ;; WHEN: mar. mars 12 10:39:53 HKT 2019
    ;; MSG SIZE  rcvd: 121

I’d be very thankful if someone could help… I’m setting up this server for our team of 16 teachers because I had some computer science training over a decade ago, because we need such a server, and the offer in mainland China is limited and abroad out of reach… but I do it in addition to my duties as a teacher and it is draining my free time. I would greatly appreciate the help and advice of experts. Thank you in advance for your time!
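Both the reverse-lookup post above (zone 6.1.168.192.in-addr.arpa with a "6.1" owner) and this one (zone "139.66.211.in-addr-arpa" with PTR targets of differing form) show reverse zones whose names do not line up with what the resolver asks for. The following Python check is an added example, not code from either post: it rebuilds each record's fully qualified owner name from the zone origin (as named does for relative names) and compares it with the in-addr.arpa name that dig -x queries; the zone contents are constructed from the two posts and the forward domain is passed in by the caller.

```python
import re

# Constructed zone contents, taken from the two posts above (owner, type, target).
REVERSE_ZONE_1 = {  # from the reverse-lookup post
    "origin": "6.1.168.192.in-addr.arpa",
    "records": [("6.1", "PTR", "localhost.")],
}
REVERSE_ZONE_2 = {  # from the SERVFAIL post
    "origin": "139.66.211.in-addr-arpa",
    "records": [("29", "PTR", "nextcloud.plateforme."),
                ("29", "PTR", "onlyoffice.plateforme.local.")],
}

def fqdn(name, origin):
    """Resolve a zone-file owner or target name to an absolute name with a trailing dot."""
    if name == "@":
        return origin.rstrip(".") + "."
    if name.endswith("."):
        return name  # already absolute, origin is not appended
    return f"{name}.{origin.rstrip('.')}."

def reverse_name(ipv4):
    """The in-addr.arpa name a resolver looks up for `dig -x ipv4`."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."

def valid_reverse_zone(origin):
    """True when origin is one to four IPv4 octets under in-addr.arpa (trailing dot optional)."""
    return re.fullmatch(r"((25[0-5]|2[0-4]\d|1?\d?\d)\.){1,4}in-addr\.arpa\.?", origin) is not None

def find_ptr(zone, ipv4):
    """PTR targets whose fully qualified owner equals the reverse name of ipv4."""
    wanted = reverse_name(ipv4)
    return [t for owner, rtype, t in zone["records"]
            if rtype == "PTR" and fqdn(owner, zone["origin"]) == wanted]

def check_zone(zone, ipv4, forward_domain):
    """List the mismatches that would make `dig -x ipv4` miss this zone or return odd targets."""
    problems = []
    if not valid_reverse_zone(zone["origin"]):
        problems.append(f"zone name {zone['origin']!r} is not under in-addr.arpa")
    if not find_ptr(zone, ipv4):
        owners = [fqdn(o, zone["origin"]) for o, _, _ in zone["records"]]
        problems.append(f"no PTR at {reverse_name(ipv4)}; records are at {owners}")
    for _, rtype, target in zone["records"]:
        if rtype == "PTR" and not target.endswith("." + forward_domain + "."):
            problems.append(f"PTR target {target!r} is not under {forward_domain}.")
    return problems
```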

bind9 resolve ip.example.com to ip

The company has changed to Zscaler Private Access, and now connections to an IP are no longer working.

What is working is a hostname, as it gets translated to 100.64.x.y and then routed to the drop-off in the datacenter.

My question now: is there a way to tell bind to resolve something like 10.1.1.1.ip.domain.com to 10.1.1.1 without adding 16M records? Something like “* IN A *” is not working.

Thanks