Of course: it's ALWAYS DNS! (Sorry, I had to say that because it's
Saturday. I'll move on.)
Actually, in this case I'm pretty sure it /is/ systemd-resolved, so yeah, it
is kinda DNS because systemd is kinda trying to do DNS.
On Sat, 10 May 2025, Greg Choules via bind-users wrote:
> [...] But all applications running on
> that machine (including dig, unless you specify @<address>) that want some
> kind of name resolution will make OS system calls and then the OS *will*
> use what's in resolv.conf to determine where to send DNS queries on behalf
> of the application.
Yup. And that may be ignored by e.g. the web browser or some webified app
attempting to do its own recursing; and that's the reason why we specify
trying with certain applications, because I think we understand their
behavior. Not directed at you, Greg.
> In the very first mail, bind9 said that the BIND config contains this:
> listen-on port 53 { 123.123.123.10; 127.0.0.1; };
> At startup, the named process will tell the OS to send it packets that have
> those destination addresses AND destination port 53. All fine so far.
> [...]
> I think you can see that this isn't going to work.
> I don't know why resolv.conf contains that nameserver address (and it is an
> address, not a name - read the man page for resolv.conf), but the easiest
> solution would be to add that address to the set that named is listening
> on. i.e.
> listen-on port 53 { 123.123.123.10; 127.0.0.1; 127.0.0.53;};
I'll bet you a beer that it doesn't work... or not the way you think it
does. BIND may start (or not), but check the logs and see if it's really
listening on 127.0.0.53.
I'll bet you find it isn't. Check with "ifconfig" ("ip address show")
and see if 127.0.0.53 is bound to an interface. Actually, I'm not certain
that ifconfig and ip utilize the exact same library codepaths. Anyway, the
last time I tried this it wasn't the very latest version of Ubuntu or BIND,
but BIND refused to bind the address unless it was explicitly bound to an
interface.
So while TECHNICALLY any address in 127.0.0.0/8 should be loopback, not
everything sees it this way. It didn't rise in my mind to the level of a
BIND bug, but it does expose a shear layer in the compatibility tooling. I
didn't take the time to figure out how to bind additional loopback
addresses in order to make BIND happy, the revelation that systemd was
running something was enough to make me look for something to throw.
> You will need to stop/edit/start named for this change to take effect.
Stop! Squirrel wearing a systemd t-shirt! Kill / maim / destroy / drive off
systemd-resolved. Then make sure that resolv.conf is not being hijacked.
Now try again.
--
Fred
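The two checks Fred describes doing by hand (whether each listen-on address is actually bound to an interface, and whether resolv.conf has been pointed at the systemd-resolved stub), as an added example that is not code from the thread or from ISC. It assumes Linux with iproute2 (`ip`) and `ss`, a listen-on clause that sits on a single line as quoted above, and the Ubuntu config path /etc/bind/named.conf.options for the live mode; the named.conf fragment, `ip` output and resolv.conf it works on are constructed samples, not captures from a real host.

```shell
#!/bin/sh
# Added diagnostic helper for the situation in the thread; not code from the
# thread or from ISC. Assumes Linux with iproute2 (`ip`) and `ss`, a BIND
# config whose listen-on clause sits on one line (as quoted above), and the
# Ubuntu default path /etc/bind/named.conf.options for the live check.

# Constructed sample inputs (not captured from a real host).
SAMPLE_CONF='options {
    listen-on port 53 { 123.123.123.10; 127.0.0.1; 127.0.0.53;};
    listen-on-v6 { ::1; };
};'
SAMPLE_IP='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 123.123.123.10/24 brd 123.123.123.255 scope global eth0\       valid_lft forever preferred_lft forever'
SAMPLE_RESOLV='# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
nameserver 127.0.0.53
options edns0 trust-ad
search example.net'

# Print the IPv4 addresses in every "listen-on ... { a; b; };" clause of the
# named.conf text in $1, one per line (listen-on-v6 entries are dropped).
listen_on_addrs() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*listen-on[^{]*{\([^}]*\)}.*/\1/p' |
        tr ';' '\n' | tr -d ' \t' | grep -E '^[0-9]+(\.[0-9]+){3}$'
    return 0
}

# Print the addresses from $1 (one per line) that do not appear as
# "inet ADDR/" in $2, the output of `ip -o -4 addr show`: listen-on entries
# that named cannot match to any interface address.
unbound_addrs() {
    printf '%s\n' "$1" | while read -r a; do
        [ -n "$a" ] || continue
        printf '%s\n' "$2" | grep -Fq -- "inet $a/" || printf '%s\n' "$a"
    done
    return 0
}

# Print the nameserver addresses from the resolv.conf text in $1.
resolv_nameservers() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# Succeed if any address in $1 (one per line) is the systemd-resolved stub
# listener: 127.0.0.53, or 127.0.0.54 which newer systemd versions add.
uses_resolved_stub() {
    printf '%s\n' "$1" | grep -Eqx '127\.0\.0\.5[34]'
}

# Live check on this host (run with: --live [named.conf path]).
check_host() {
    conf=${1:-/etc/bind/named.conf.options}
    missing=$(unbound_addrs "$(listen_on_addrs "$(cat "$conf")")" "$(ip -o -4 addr show)")
    if [ -n "$missing" ]; then
        echo "listen-on addresses with no interface behind them (named will skip them):"
        printf '  %s\n' $missing
        echo "to add one on loopback: ip addr add ADDR/32 dev lo (port 53 on it must also be free)"
    fi
    if uses_resolved_stub "$(resolv_nameservers "$(cat /etc/resolv.conf)")"; then
        echo "/etc/resolv.conf -> $(readlink -f /etc/resolv.conf) points at the systemd-resolved stub"
        echo "to stop it owning port 53: systemctl disable --now systemd-resolved, then replace resolv.conf"
    fi
    echo "UDP listeners on port 53:"
    ss -Hlunp 'sport = :53' 2>/dev/null || true
}

case "${1:-}" in
    --live) check_host "${2:-}" ;;
    *)
        echo "sample listen-on addresses not bound on the sample host:"
        unbound_addrs "$(listen_on_addrs "$SAMPLE_CONF")" "$SAMPLE_IP"
        if uses_resolved_stub "$(resolv_nameservers "$SAMPLE_RESOLV")"; then
            echo "sample resolv.conf points at the systemd-resolved stub"
        fi
        ;;
esac
```

Run with no arguments it works on the constructed samples and reports 127.0.0.53 as the one listen-on address with no interface behind it; `sh check.sh --live` repeats both checks against the running host and lists what currently owns UDP port 53. If systemd-resolved shows up there, disabling it and replacing the /etc/resolv.conf symlink with a real file is the "make sure resolv.conf is not being hijacked" step before restarting named.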
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users