On Sunday, July 6, 2025 2:34:58 AM CEST Bagas Sanjaya wrote:
> Hi,
>
> I notice BIND's address binding behavior (bug?). I'm running BIND from
> git (9.21.10-dev (Development Release) <id:3719cf5>).
>
> My named.conf specifies listen-address to both loopback and WiFi devices:
>
> ```
> options {
> ...
> listen-on-v6 { none; };
> listen-on { 127.0.0.53; 192.168.0.155; };
> ...
> };
> ```
Fine, I ran the whole thing against known configs of my own. Have at it.
What came from user-level, is below. Can't be bothered to do root-user
separation.
[~] v...@workstation.vm.ideapad.lan
[$] /bin/bash scp r...@dns.vm.ideapad.lan:/etc/bind/named.conf /tmp/named.conf
named.conf 100% 3159 968.9KB/s 00:00
[0] Command completed on 2025-07-06 09:02 CEST.
--- snip ---
Willing to be proven wrong, but this sure seems like just PEBKAC. If not
there, sure maybe here. Prove it.
--
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
Activisme is pas nuttig, wanneer het kan bereiken wat het wenst te bereiken,
binnen de limieten van het huidige systeem. De rest is geschiedenis.
-- v...@workstation.vm.ideapad.lan
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
[~] r...@workstation.vm.ideapad.lan
[#] /bin/bash apt install bind9
Reading package lists... 0%
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following package was automatically installed and is no longer required:
linux-image-6.1.0-34-amd64
Use 'apt autoremove' to remove it.
The following additional packages will be installed:
bind9-utils
Suggested packages:
bind-doc resolvconf ufw
The following NEW packages will be installed:
bind9 bind9-utils
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 405 kB of archives.
After this operation, 1,560 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 bind9-utils amd64 1:9.18.33-1~deb12u2 [159 kB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 bind9 amd64 1:9.18.33-1~deb12u2 [246 kB]
Fetched 405 kB in 0s (1,231 kB/s)
Selecting previously unselected package bind9-utils.
(Reading database ... 191112 files and directories currently installed.)
Preparing to unpack .../bind9-utils_1%3a9.18.33-1~deb12u2_amd64.deb ...
Unpacking bind9-utils (1:9.18.33-1~deb12u2) ...
Selecting previously unselected package bind9.
Preparing to unpack .../bind9_1%3a9.18.33-1~deb12u2_amd64.deb ...
Unpacking bind9 (1:9.18.33-1~deb12u2) ...
Setting up bind9-utils (1:9.18.33-1~deb12u2) ...
Setting up bind9 (1:9.18.33-1~deb12u2) ...
Adding group `bind' (GID 126) ...
Done.
Adding system user `bind' (UID 116) ...
Adding new user `bind' (UID 116) with group `bind' ...
Not creating home directory `/var/cache/bind'.
wrote key file "/etc/bind/rndc.key"
named-resolvconf.service is a disabled or a static unit, not starting it.
Created symlink /etc/systemd/system/bind9.service → /lib/systemd/system/named.service.
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /lib/systemd/system/named.service.
Processing triggers for man-db (2.11.2-2) ...
[0] Command completed on 2025-07-06 09:00 CEST.
--- snip ---
[~] r...@workstation.vm.ideapad.lan
[#] /bin/bash systemctl status systemd-resolved
Unit systemd-resolved.service could not be found.
[4] Command completed on 2025-07-06 09:00 CEST.
--- snip ---
[~] r...@workstation.vm.ideapad.lan
[#] /bin/bash vim /etc/bind
bind/ bindresvport.blacklist
[4] Command completed on 2025-07-06 09:00 CEST.
--- snip ---
[~] r...@workstation.vm.ideapad.lan
[#] /bin/bash vim /etc/bind/named.conf
[0] Command completed on 2025-07-06 09:01 CEST.
--- snip ---
[~] r...@workstation.vm.ideapad.lan
[#] /bin/bash mv /tmp/named.conf /etc/named.conf
[0] Command completed on 2025-07-06 09:02 CEST.
--- snip ---
[~] r...@workstation.vm.ideapad.lan
[#] /bin/bash vim /etc/named.conf
[0] Command completed on 2025-07-06 09:03 CEST.
--- snip ---
[~] r...@workstation.vm.ideapad.lan
[#] /bin/bash named-checkconf
[0] Command completed on 2025-07-06 09:03 CEST.
--- snip ---
[~] r...@workstation.vm.ideapad.lan
[#] /bin/bash systemctl restart named
[0] Command completed on 2025-07-06 09:03 CEST.
--- snip ---
[~] r...@workstation.vm.ideapad.lan
[#] /bin/bash dig nixmagic.com @127.0.0.53
;; communications error to 127.0.0.53#53: connection refused
;; communications error to 127.0.0.53#53: connection refused
;; communications error to 127.0.0.53#53: connection refused
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> nixmagic.com @127.0.0.53
;; global options: +cmd
;; no servers could be reached
[9] Command completed on 2025-07-06 09:04 CEST.
--- snip ---
[~] r...@workstation.vm.ideapad.lan
[#] /bin/bash ss -tunlp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=556,fd=12))
udp UNCONN 0 0 192.168.15.20:53 0.0.0.0:* users:(("named",pid=322203,fd=55))
udp UNCONN 0 0 192.168.15.20:53 0.0.0.0:* users:(("named",pid=322203,fd=54))
udp UNCONN 0 0 192.168.15.20:53 0.0.0.0:* users:(("named",pid=322203,fd=53))
udp UNCONN 0 0 192.168.15.20:53 0.0.0.0:* users:(("named",pid=322203,fd=52))
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("named",pid=322203,fd=43))
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("named",pid=322203,fd=42))
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("named",pid=322203,fd=41))
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("named",pid=322203,fd=40))
udp UNCONN 0 0 192.168.15.255:137 0.0.0.0:* users:(("nmbd",pid=725,fd=16))
udp UNCONN 0 0 192.168.15.20:137 0.0.0.0:* users:(("nmbd",pid=725,fd=15))
udp UNCONN 0 0 0.0.0.0:137 0.0.0.0:* users:(("nmbd",pid=725,fd=13))
udp UNCONN 0 0 192.168.15.255:138 0.0.0.0:* users:(("nmbd",pid=725,fd=18))
udp UNCONN 0 0 192.168.15.20:138 0.0.0.0:* users:(("nmbd",pid=725,fd=17))
udp UNCONN 0 0 0.0.0.0:138 0.0.0.0:* users:(("nmbd",pid=725,fd=14))
udp UNCONN 0 0 0.0.0.0:37230 0.0.0.0:* users:(("avahi-daemon",pid=556,fd=14))
udp UNCONN 0 0 [::]:5353 [::]:* users:(("avahi-daemon",pid=556,fd=13))
udp UNCONN 0 0 *:1716 *:* users:(("kdeconnectd",pid=1198,fd=11))
udp UNCONN 0 0 [::]:46870 [::]:* users:(("avahi-daemon",pid=556,fd=15))
udp UNCONN 0 0 [::1]:53 [::]:* users:(("named",pid=322203,fd=60))
udp UNCONN 0 0 [::1]:53 [::]:* users:(("named",pid=322203,fd=61))
udp UNCONN 0 0 [::1]:53 [::]:* users:(("named",pid=322203,fd=63))
udp UNCONN 0 0 [::1]:53 [::]:* users:(("named",pid=322203,fd=62))
udp UNCONN 0 0 [fe80::4c7:f374:b39d:8f37]%eth2:53 [::]:* users:(("named",pid=322203,fd=68))
udp UNCONN 0 0 [fe80::4c7:f374:b39d:8f37]%eth2:53 [::]:* users:(("named",pid=322203,fd=69))
udp UNCONN 0 0 [fe80::4c7:f374:b39d:8f37]%eth2:53 [::]:* users:(("named",pid=322203,fd=71))
udp UNCONN 0 0 [fe80::4c7:f374:b39d:8f37]%eth2:53 [::]:* users:(("named",pid=322203,fd=70))
tcp LISTEN 0 10 192.168.15.20:53 0.0.0.0:* users:(("named",pid=322203,fd=58))
tcp LISTEN 0 10 192.168.15.20:53 0.0.0.0:* users:(("named",pid=322203,fd=59))
tcp LISTEN 0 10 192.168.15.20:53 0.0.0.0:* users:(("named",pid=322203,fd=57))
tcp LISTEN 0 10 192.168.15.20:53 0.0.0.0:* users:(("named",pid=322203,fd=56))
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:* users:(("named",pid=322203,fd=49))
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:* users:(("named",pid=322203,fd=47))
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:* users:(("named",pid=322203,fd=45))
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:* users:(("named",pid=322203,fd=44))
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=274743,fd=7))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=660,fd=3))
tcp LISTEN 0 50 0.0.0.0:139 0.0.0.0:* users:(("smbd",pid=732,fd=31))
tcp LISTEN 0 50 0.0.0.0:445 0.0.0.0:* users:(("smbd",pid=732,fd=30))
tcp LISTEN 0 5 127.0.0.1:953 0.0.0.0:* users:(("named",pid=322203,fd=78))
tcp LISTEN 0 5 127.0.0.1:953 0.0.0.0:* users:(("named",pid=322203,fd=76))
tcp LISTEN 0 5 127.0.0.1:953 0.0.0.0:* users:(("named",pid=322203,fd=79))
tcp LISTEN 0 5 127.0.0.1:953 0.0.0.0:* users:(("named",pid=322203,fd=77))
tcp LISTEN 0 128 [::1]:631 [::]:* users:(("cupsd",pid=274743,fd=6))
tcp LISTEN 0 5 [::1]:953 [::]:* users:(("named",pid=322203,fd=80))
tcp LISTEN 0 5 [::1]:953 [::]:* users:(("named",pid=322203,fd=81))
tcp LISTEN 0 5 [::1]:953 [::]:* users:(("named",pid=322203,fd=82))
tcp LISTEN 0 5 [::1]:953 [::]:* users:(("named",pid=322203,fd=83))
tcp LISTEN 0 10 [::1]:53 [::]:* users:(("named",pid=322203,fd=64))
tcp LISTEN 0 10 [::1]:53 [::]:* users:(("named",pid=322203,fd=65))
tcp LISTEN 0 10 [::1]:53 [::]:* users:(("named",pid=322203,fd=67))
tcp LISTEN 0 10 [::1]:53 [::]:* users:(("named",pid=322203,fd=66))
tcp LISTEN 0 50 *:1716 *:* users:(("kdeconnectd",pid=1198,fd=12))
tcp LISTEN 0 10 [fe80::4c7:f374:b39d:8f37]%eth2:53 [::]:* users:(("named",pid=322203,fd=72))
tcp LISTEN 0 10 [fe80::4c7:f374:b39d:8f37]%eth2:53 [::]:* users:(("named",pid=322203,fd=73))
tcp LISTEN 0 10 [fe80::4c7:f374:b39d:8f37]%eth2:53 [::]:* users:(("named",pid=322203,fd=74))
tcp LISTEN 0 10 [fe80::4c7:f374:b39d:8f37]%eth2:53 [::]:* users:(("named",pid=322203,fd=75))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=660,fd=4))
tcp LISTEN 0 50 [::]:139 [::]:* users:(("smbd",pid=732,fd=29))
tcp LISTEN 0 50 [::]:445 [::]:* users:(("smbd",pid=732,fd=28))
tcp LISTEN 0 2 [::1]:3350 [::]:* users:(("xrdp-sesman",pid=649,fd=11))
[0] Command completed on 2025-07-06 09:04 CEST.
--- snip ---
[~] r...@workstation.vm.ideapad.lan
[#] /bin/bash dig nixmagic.com @127.0.0.1
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> nixmagic.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62380
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 47c3c948c7dec2d201000000686a2002580aaf1dc81ba705 (good)
;; QUESTION SECTION:
;nixmagic.com. IN A
;; ANSWER SECTION:
nixmagic.com. 604800 IN A 168.119.103.78
nixmagic.com. 604800 IN A 116.203.235.171
;; Query time: 176 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sun Jul 06 09:04:34 CEST 2025
;; MSG SIZE rcvd: 101
[0] Command completed on 2025-07-06 09:04 CEST.
--- snip ---
[~] r...@workstation.vm.ideapad.lan
[#] /bin/bash
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users