0

I am trying to setup a dns server on ubuntu. With

sudo systemctl status bind9

I get

Apr 17 10:14:21 dns named[1002]: no longer listening on fe80::9903:2b67:b230:aaaa%3#53
Apr 17 10:14:21 dns named[1002]: listening on IPv6 interface eno2, fe80::9903:2b67:b230:aaaa%3#53
Apr 17 10:14:21 dns named[1002]: creating TCP socket: address not available
Apr 17 10:15:06 dns named[1002]: no longer listening on fe80::9903:2b67:b230:aaaa%3#53
Apr 17 10:15:06 dns named[1002]: listening on IPv6 interface eno2, fe80::9903:2b67:b230:aaaa%3#53
Apr 17 10:15:06 dns named[1002]: creating TCP socket: address not available
Apr 17 10:15:51 dns named[1002]: no longer listening on fe80::9903:2b67:b230:aaaa%3#53
Apr 17 10:15:51 dns named[1002]: listening on IPv6 interface eno2, fe80::9903:2b67:b230:aaaa%3#53
Apr 17 10:15:51 dns named[1002]: creating TCP socket: address not available
Apr 17 10:16:36 dns named[1002]: no longer listening on fe80::9903:2b67:b230:aaaa%3#53

I don`t understand from where

fe80::9903:2b67:b230:aaaa%3#53

is coming from, it is not in my configuration or ansible playbook.

dig and nslookup work, but not ping:

$ dig gitlab.bobby

dig gitlab.bobby

; <<>> DiG 9.16.1-Ubuntu <<>> gitlab.bobby
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 151
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;gitlab.bobby.      IN  A

;; Query time: 439 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Du apr 17 13:43:40 EEST 2022
;; MSG SIZE  rcvd: 44




ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: wlp0s20f3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether dc:41:a9:a0:e4:43 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.138/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp0s20f3
       valid_lft 71048sec preferred_lft 71048sec
    inet6 fe80::a7fb:95aa:eceb:644e/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none 
    inet 10.9.100.6/16 brd 10.9.255.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::801:28e7:2f5b:5191/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

The setup is run with an ansible playbook, that I tested in test servers and it worked. systemd-resolved was using socket 53 as well, killed, restarted etc no change.

Anything I can try?

Improve this question
3
  • When you'll describe what system has an eno2 interface with index 3 (here there's a tun0 interface with index 3) maybe things could become more clear. Maybe your automatic configuration settings use the wrong interface from the wrong system? Commented Apr 17, 2022 at 11:51
  • Find out which process has port 53 open: sudo lsof -i:53. Depending on which Unix/Linux you're using, you may need to read man dnsmasq systemd-dnsmasq in addition to man lsof. Commented Apr 17, 2022 at 14:47
  • Your dig gitlab bobby command failed! That's what the Status NXDOMAIN (Non-Existent DOMAIN) means. The DNS server you used (not your Bind9) successfully said "I don't know the IP address of gitlab". No IP address was returned Commented Apr 17, 2022 at 14:55

1 Answer 1

Reset to default
0

The problem was not the port being blocked, but systemd-resolved.

I solved the issue like it described here:

https://kifarunix.com/configure-openvpn-clients-to-use-specific-dns-server/

apt install openresolv

Add this to your client ovpn file:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Start openvpn on client:

openvpn client-1.ovpn

Check that it works cat /etc/resolv.conf

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.