BIND9 fails resolving after connecting to VPN

Chuck Swiger cswiger at mac.com
Fri Apr 8 20:23:54 UTC 2011


On Apr 8, 2011, at 1:07 PM, kapetr wrote:
> I absolutely do not understand your answer.

OK.

> I use the VPN for anonymisation. I need all traffic to go over the VPN.

OK.  That's not the usual method of operation for a routed VPN, but is more commonly used when doing bridging.

> The VPN must be used as target - default route. It is standard in
> usage of such services, it is what I need and want.

It's not standard behavior, but if it is what you want, very well.

> I think, in fact, that the problem with BIND has nothing in common with
> things around the VPN. BIND simply "gets crazy" when a new net device is
> added and/or routes are changed.
> 
> All apps use this new route, why not BIND?!

The kernel routing table (disciplined by static routing entries, or routed, BGP, OSPF, etc) and possibly firewall forwarding rules determine where network traffic is sent.

There's nothing which would cause BIND to behave any differently than any other userland app which is not tweaking the routing table.  This implies that there may be firewall rules in place between you and the VPN endpoint which are breaking DNS and/or EDNS0 aka RFC-2671.

What does:

  dig +short rs.dns-oarc.net txt

...do when your VPN tunnel is up?

Regards,
-- 
-Chuck
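The check Chuck asks for above only helps if you know how to read its answer, so here is an added example (not part of the original thread, and not BIND's or OARC's own code) that interprets the output of `dig +short rs.dns-oarc.net txt` when the tunnel is up. The OARC reply-size tester answers with TXT records that state the EDNS buffer size the resolver advertised and the largest reply that actually arrived; the sample outputs below are constructed, and the 1400-byte threshold for "fragments are being dropped" is an assumption chosen for this example.

```sh
#!/bin/sh
# Added example, not from the original thread: interpret the output of
#   dig +short rs.dns-oarc.net txt
# once the VPN is up. A verified reply-size limit far below the advertised
# EDNS buffer means large UDP DNS replies are being dropped on the path
# (typically a firewall or MTU problem in front of the VPN endpoint), which
# fits "BIND breaks when the VPN is up" far better than a BIND bug does.

# oarc_verdict: reads `dig +short` output on stdin, prints the numbers it
# found, and finishes with one of PASS, DROPPED or NOANSWER on the last line.
oarc_verdict() {
    sent=""
    limit=""
    while IFS= read -r line; do
        case "$line" in
            *"sent EDNS buffer size"*)
                sent=$(printf '%s\n' "$line" | sed -n 's/.*sent EDNS buffer size \([0-9]*\).*/\1/p') ;;
            *"DNS reply size limit is at least"*)
                limit=$(printf '%s\n' "$line" | sed -n 's/.*limit is at least \([0-9]*\).*/\1/p') ;;
        esac
    done
    if [ -z "$sent" ] || [ -z "$limit" ]; then
        # No TXT answer at all: resolution itself is failing over this path,
        # so look at routes to the forwarders/root servers, not at EDNS.
        echo NOANSWER
        return 0
    fi
    echo "advertised EDNS buffer: $sent bytes, verified reply size: $limit bytes"
    # Threshold is an assumption for this example: OARC probes up to roughly
    # 4090 bytes, and a verified limit under 1400 means fragmented replies
    # never make it back. On the BIND side the usual mitigation is a smaller
    # edns-udp-size in options{}; the real fix is the firewall/MTU on the tunnel.
    if [ "$limit" -lt 1400 ]; then
        echo DROPPED
    else
        echo PASS
    fi
}

# Constructed sample outputs (not captured from a real run); 192.0.2.53 is a
# documentation address standing in for the resolver's egress IP.
SAMPLE_OK='rst.x4090.rs.dns-oarc.net.
rst.x4058.x4090.rs.dns-oarc.net.
rst.x4064.x4058.x4090.rs.dns-oarc.net.
"192.0.2.53 DNS reply size limit is at least 4090"
"192.0.2.53 sent EDNS buffer size 4096"'

SAMPLE_BAD='rst.x1250.rs.dns-oarc.net.
"192.0.2.53 DNS reply size limit is at least 1250"
"192.0.2.53 sent EDNS buffer size 4096"'

# Live usage, once the VPN is up:
#   dig +short rs.dns-oarc.net txt | oarc_verdict
# Stand-alone run against the constructed samples:
run_samples() {
    printf 'healthy path:\n'; printf '%s\n' "$SAMPLE_OK" | oarc_verdict
    printf 'fragments dropped:\n'; printf '%s\n' "$SAMPLE_BAD" | oarc_verdict
    printf 'no answer:\n'; printf '%s\n' "" | oarc_verdict
}
run_samples
```

Run it with the VPN down and again with it up; if the verdict changes from PASS to DROPPED or NOANSWER, the tunnel path (firewall rules, MTU, or the route to your forwarders) is the thing to fix, not named.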
