The router doing something stupid (smart) sounds like it might be the right
answer, I know that i had to open the port in the router and yes it does some
intrusion detection etc so its possible.
I know all outbound traffic is left alone and inbound is managed, i may see if
i can turn off the firewall temporarily and see what gives on a restart of bind
I suspect though that it has nothing to do with the restart specifically and
only the responses which as you rightly put is a major weakness in my network.
Luckily have another router its a bit older than this one and slower, both are
ISP supplied so i will check that out.
if it turns out to be the router then honestly il look for a patch or give it
to the nearest recycling plant and head out to buy something better. It was a
freebie with the contract though they don't prohibit custom hardware. well you
know its paid for but all the same they won't refund its cost.
Thank you for the pointer in the right direction.
________________________________
From: bind-users <bind-users-boun...@lists.isc.org> on behalf of
bind-users-requ...@lists.isc.org <bind-users-requ...@lists.isc.org>
Sent: 26 May 2017 00:47
To: bind-users@lists.isc.org
Subject: bind-users Digest, Vol 2657, Issue 2
Send bind-users mailing list submissions to
bind-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/bind-users
bind-users Info Page - lists.isc.org Mailing
Lists<https://lists.isc.org/mailman/listinfo/bind-users>
lists.isc.org
To see the collection of prior postings to the list, visit the bind-users
Archives. Using bind-users: To post a message to all the list members, send ...
or, via email, send a message with subject or body 'help' to
bind-users-requ...@lists.isc.org
You can reach the person managing the list at
bind-users-ow...@lists.isc.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of bind-users digest..."
Today's Topics:
1. Weird issue with bind & router (Chris Serella)
2. Re: Weird issue with bind & router (John W. Blue)
3. Re: Weird issue with bind & router (Mark Andrews)
4. RE: Weird issue with bind & router (Darcy Kevin (FCA))
----------------------------------------------------------------------
Message: 1
Date: Thu, 25 May 2017 14:23:36 +0000
From: Chris Serella <serell...@hotmail.com>
To: "bind-users@lists.isc.org" <bind-users@lists.isc.org>
Subject: Weird issue with bind & router
Message-ID:
<db6p192mb0199e626f4de82fe18e016f693...@db6p192mb0199.eurp192.prod.outlook.com>
Content-Type: text/plain; charset="iso-8859-1"
I run a small dev system on my home network, housing dns etc all under the one
server.
System: ubuntu16.04 server, ispconfig etc etc etc, you get the idea.
Anyway, the problem i am having comes down to the router rebooting (is it
crashing? I cant tell) every time bind starts/restarts. This ordinarily wouldnt
be an issue, DNS rarely changes so the service does not need restarting but the
problem occurs on system boot too.
The router in question is a Plusnet Hub One which I believe is actually a
repackaged BT Hub 5. The "server" is an ACER AX3300 desktop with ubuntu server
installed.
Troubleshooting was difficult as i couldnt isolate what it was until i went
over to ISPConfig for assistance, they informed me that a DNS reload on their
software simply saves data to files and initiates a service restart.
With this information to hand I made no changes to the DNS in ISPConfig,
instead i opened a terminal and tunnels into the server and issued a bind9
restart from there.
Sure enough the problem reared its ugly little head, The ssh session dropped
out and looking over to the router i could see it was going through its power
cycle. To be sure this wasn't some freakishly well timed coincidence, I
completed the steps several times more (3) all with the same result.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/bind-users/attachments/20170525/f5dcbeaf/attachment-0001.html>
------------------------------
Message: 2
Date: Thu, 25 May 2017 14:47:48 +0000
From: "John W. Blue" <john.b...@rrcic.com>
To: "bind-users@lists.isc.org" <bind-users@lists.isc.org>
Subject: Re: Weird issue with bind & router
Message-ID: <8c799e52-3a3d-46b9-9f31-8df4e3b1d...@rrcic.com>
Content-Type: text/plain; charset="iso-8859-1"
Chris,
First, what a strange problem to have.
You really need to spend some time capturing the traffic placed on the wire via
tcpdump and then slicing it up for clues with wireshark.
If you set a continuous ping to the router that would be a good timestamp that
you can use to correlate as a marker. When it stops responding look at all of
the other traffic around that time.
I doubt that it will be BIND but stranger things have happened before!
Good luck.
John
Sent from Nine<http://www.9folders.com/>
Nine – A website for mobile exchange email client<http://www.9folders.com/>
www.9folders.com
Nine provides your Android devices with a wirelessly synchronized, encrypted
connection to your company servers or email hosting services, so you can
instantly access ...
From: Chris Serella <serell...@hotmail.com>
Sent: May 25, 2017 9:24 AM
To: bind-users@lists.isc.org
Subject: Weird issue with bind & router
I run a small dev system on my home network, housing dns etc all under the one
server.
System: ubuntu16.04 server, ispconfig etc etc etc, you get the idea.
Anyway, the problem i am having comes down to the router rebooting (is it
crashing? I cant tell) every time bind starts/restarts. This ordinarily wouldnt
be an issue, DNS rarely changes so the service does not need restarting but the
problem occurs on system boot too.
The router in question is a Plusnet Hub One which I believe is actually a
repackaged BT Hub 5. The "server" is an ACER AX3300 desktop with ubuntu server
installed.
Troubleshooting was difficult as i couldnt isolate what it was until i went
over to ISPConfig for assistance, they informed me that a DNS reload on their
software simply saves data to files and initiates a service restart.
With this information to hand I made no changes to the DNS in ISPConfig,
instead i opened a terminal and tunnels into the server and issued a bind9
restart from there.
Sure enough the problem reared its ugly little head, The ssh session dropped
out and looking over to the router i could see it was going through its power
cycle. To be sure this wasn't some freakishly well timed coincidence, I
completed the steps several times more (3) all with the same result.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/bind-users/attachments/20170525/905ccc0b/attachment-0001.html>
------------------------------
Message: 3
Date: Fri, 26 May 2017 08:01:45 +1000
From: Mark Andrews <ma...@isc.org>
To: "John W. Blue" <john.b...@rrcic.com>
Cc: "bind-users@lists.isc.org" <bind-us...@isc.org>
Subject: Re: Weird issue with bind & router
Message-ID: <20170525220145.dbb4979b1...@rock.dv.isc.org>
Even home routers sometimes try to police DNS traffic and I would
expect there is a bug in the code doing that.
As this is a ISP supplied router (if my Google Foo is accurate)
report the fault to the ISP. It is their job to fix it.
If it wasn't a ISP supplied router, update the router firmware and
see if the problem goes away. If that doesn't work. Try to report
the bug to the router manufacture. If you can't do that return the
router requesting a full refund as it is not fit for purpose.
Suppliers and manufactures need to get some pushback on broken products.
Mark
in message <8c799e52-3a3d-46b9-9f31-8df4e3b1d...@rrcic.com>, "john w. blue"
writes:
> chris,
>
> first, what a strange problem to have.
>
> you really need to spend some time capturing the traffic placed on the wire=
> via tcpdump and then slicing it up for clues with wireshark.
>
> if you set a continuous ping to the router that would be a good timestamp t=
> hat you can use to correlate as a marker. when it stops responding look at=
> all of the other traffic around that time.
>
> i doubt that it will be bind but stranger things have happened before!
>
> good luck.
>
> john
>
> sent from nine<http://www.9folders.com/>
Nine – A website for mobile exchange email client<http://www.9folders.com/>
www.9folders.com
Nine provides your Android devices with a wirelessly synchronized, encrypted
connection to your company servers or email hosting services, so you can
instantly access ...
>
> from: chris serella <serell...@hotmail.com>
> sent: may 25, 2017 9:24 am
> to: bind-users@lists.isc.org
> subject: weird issue with bind & router
>
>
> i run a small dev system on my home network, housing dns etc all under the =
> one server.
>
> system: ubuntu16.04 server, ispconfig etc etc etc, you get the idea.
>
> anyway, the problem i am having comes down to the router rebooting (is it c=
> rashing? i cant tell) every time bind starts/restarts. this ordinarily woul=
> dnt be an issue, dns rarely changes so the service does not need restarting=
> but the problem occurs on system boot too.
>
> the router in question is a plusnet hub one which i believe is actually a r=
> epackaged bt hub 5. the "server" is an acer ax3300 desktop with ubuntu serv=
> er installed.
>
> troubleshooting was difficult as i couldnt isolate what it was until i went=
> over to ispconfig for assistance, they informed me that a dns reload on th=
> eir software simply saves data to files and initiates a service restart.
>
> with this information to hand i made no changes to the dns in ispconfig, in=
> stead i opened a terminal and tunnels into the server and issued a bind9 re=
> start from there.
>
> sure enough the problem reared its ugly little head, the ssh session droppe=
> d out and looking over to the router i could see it was going through its p=
> ower cycle. to be sure this wasn't some freakishly well timed coincidence, =
> i completed the steps several times more (3) all with the same result.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
------------------------------
Message: 4
Date: Thu, 25 May 2017 23:47:34 +0000
From: "Darcy Kevin (FCA)" <kevin.da...@fcagroup.com>
To: "bind-users@lists.isc.org" <bind-users@lists.isc.org>
Subject: RE: Weird issue with bind & router
Message-ID: <e049874021a24ef2be274e35709a2...@mxph4chrw.fgremc.it>
Content-Type: text/plain; charset="us-ascii"
As far as I know, the only "special" thing that BIND does consistently on a
restart, that it doesn't do on a regular basis in normal operation, is a
"priming" query to whatever is configured as root nameservers. I suppose it's
_possible_ that there is something about priming queries, particularly, that
exercises a codepath in the router, with a horrible bug in it. This is - as
Mark speculated - much more likely if the router is trying to do something
"smart" with your DNS, e.g. intrusion detection/prevention, reputation-based
blacklisting, something like that. I'd look at the router config and see if you
can turn any feature(s) like that *off*.
Failing that, if priming queries are the culprit, it should be fairly easy to
reproduce the scenario, since one can issue identical-looking queries to the
same root-nameserver destinations (the main difference between these and other
command-line-generated queries would consist of making them non-recursive). If
you can reproduce the issue at will, maybe the router manufacturer would
actually listen to your trouble report.
Putting on my InfoSec paranoia hat for a second, if it's the *responses* to the
priming queries that are causing the router to go belly-up, then this is a
scary prospect indeed, since it raises the possibility that evildoers could
send *spoofed* responses like that, to routers of that make/model, and this
would be a powerful Denial of Service attack.
- Kevin
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Chris
Serella
Sent: Thursday, May 25, 2017 10:24 AM
To: bind-users@lists.isc.org
Subject: Weird issue with bind & router
I run a small dev system on my home network, housing dns etc all under the one
server.
System: ubuntu16.04 server, ispconfig etc etc etc, you get the idea.
Anyway, the problem i am having comes down to the router rebooting (is it
crashing? I cant tell) every time bind starts/restarts. This ordinarily wouldnt
be an issue, DNS rarely changes so the service does not need restarting but the
problem occurs on system boot too.
The router in question is a Plusnet Hub One which I believe is actually a
repackaged BT Hub 5. The "server" is an ACER AX3300 desktop with ubuntu server
installed.
Troubleshooting was difficult as i couldnt isolate what it was until i went
over to ISPConfig for assistance, they informed me that a DNS reload on their
software simply saves data to files and initiates a service restart.
With this information to hand I made no changes to the DNS in ISPConfig,
instead i opened a terminal and tunnels into the server and issued a bind9
restart from there.
Sure enough the problem reared its ugly little head, The ssh session dropped
out and looking over to the router i could see it was going through its power
cycle. To be sure this wasn't some freakishly well timed coincidence, I
completed the steps several times more (3) all with the same result.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/bind-users/attachments/20170525/b089e94f/attachment.html>
------------------------------
Subject: Digest Footer
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
------------------------------
End of bind-users Digest, Vol 2657, Issue 2
*******************************************
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
