@Danilo you are correct, the contents of /etc/resolv.conf are not set by BIND and BIND itself does not use them. But all applications running on that machine (including dig, unless you specify @<address>) that want some kind of name resolution will make OS system calls and then the OS *will* use what's in resolv.conf to determine where to send DNS queries on behalf of the application.
In the very first mail, bind9 said that the BIND config contains this:
listen-on port 53 { 123.123.123.10; 127.0.0.1; };
At startup, the named process will tell the OS to send it packets that have those destination addresses AND destination port 53. All fine so far.
However, bind9 also said this:
The resolv.conf file contains:
nameserver 127.0.0.53
Confining things to the Ubuntu box for now, this tells the OS to make DNS queries to 127.0.0.53 - the 53 is *not* the port number, it is the 4th octet of the IPv4 address.
So the OS sends queries to 127.0.0.53 and named is listening on 127.0.0.1. I think you can see that this isn't going to work.
I don't know why resolv.conf contains that nameserver address (and it is an address, not a name - read the man page for resolv.conf), but the easiest solution would be to add that address to the set that named is listening on. i.e.
listen-on port 53 { 123.123.123.10; 127.0.0.1; 127.0.0.53; };
You will need to stop/edit/start named for this change to take effect. This should fix your issues with apt and other applications running on the Ubuntu server.
I agree that you should not be using 123.123.123.0/24. Please read RFC1918 for guidance on private addressing.
tcpdump has a lot of options. For capturing DNS traffic to disk I would suggest this as a first pass:
sudo tcpdump -c 1000 -n -i any -w <filename> port 53
This captures all port 53 traffic on any interface (including the loopback), stops after 1000 packets (if you don't stop it yourself with ctrl-C), writes binary capture data to the file <filename> (you choose whatever name you like) and tells tcpdump to *not* attempt to resolve addresses to names. This may be irrelevant since it is capturing to disk but doesn't hurt.
Over to the Windows machine now. You will not have dig by default. BIND for Windows (including utilities like dig) hasn't existed for several years. It is still available to download but I *don't* recommend you install it.
Windows nslookup is actually not bad for making test queries, especially if used in interactive mode. Again, read the help to see what options it has.
Wireshark can be downloaded and installed for free and I recommend that you do that on the Windows machine, so that when you have captured traffic on the Ubuntu server, once you have copied the capture file to Windows you can open it in Wireshark there. Wireshark can also capture packets, like tcpdump, so you can use it to see exactly what your Windows machine is doing with DNS.
Hopefully this lot gives you some things to try and also to read, to understand the behaviour you are seeing.
Cheers, Greg
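As an added illustration of the mismatch described above (this is not Greg's or the original poster's script), the following POSIX shell check reads the nameserver lines of a resolv.conf and the listen-on addresses of a named.conf and reports any resolver address that named is not bound to. The two sample files are constructed inline to mirror the thread's configuration; on a real box you would feed it the contents of /etc/resolv.conf and the options block of named.conf.

```shell
#!/bin/sh
# Constructed sample inputs (not the poster's real files): resolv.conf points
# the OS resolver at 127.0.0.53, while named only listens on two addresses.
RESOLV_SAMPLE='nameserver 127.0.0.53
search example.internal'

NAMED_SAMPLE='options {
    listen-on port 53 { 123.123.123.10; 127.0.0.1; };
    listen-on-v6 { none; };
};'

# Print the addresses the OS resolver will send queries to (one per line).
resolv_nameservers() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# Print the addresses inside each IPv4 "listen-on [port N] { ... };" block.
# The [[:space:]] after "listen-on" deliberately skips "listen-on-v6".
listen_on_addresses() {
    printf '%s\n' "$1" \
        | sed -n 's/.*listen-on[[:space:]][^{]*{\([^}]*\)}.*/\1/p' \
        | tr ';' '\n' | tr -d ' \t' | sed '/^$/d'
}

# Return 0 if every nameserver is covered by listen-on (or listen-on is "any"),
# otherwise print each gap and return 1.
check_resolver_matches_named() {
    listen=$(listen_on_addresses "$2")
    if printf '%s\n' "$listen" | grep -qx 'any'; then
        return 0
    fi
    rc=0
    for ns in $(resolv_nameservers "$1"); do
        if ! printf '%s\n' "$listen" | grep -qxF "$ns"; then
            echo "MISMATCH: resolv.conf sends queries to $ns but named does not listen there"
            rc=1
        fi
    done
    return $rc
}

check_resolver_matches_named "$RESOLV_SAMPLE" "$NAMED_SAMPLE" \
    || echo "Add the missing address(es) to listen-on, then restart named."
```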