bind-users Digest, Vol 2657, Issue 2

Chris Serella serella_c at hotmail.com
Sat May 27 00:46:55 UTC 2017


The router doing something stupid (smart) sounds like it might be the right answer. I know that I had to open the port in the router, and yes, it does some intrusion detection etc., so it's possible.

I know all outbound traffic is left alone and inbound is managed. I may see if I can turn off the firewall temporarily and see what gives on a restart of bind.

I suspect, though, that it has nothing to do with the restart specifically and only the responses, which, as you rightly put, is a major weakness in my network. Luckily I have another router; it's a bit older than this one and slower. Both are ISP supplied, so I will check that out.

If it turns out to be the router then honestly I'll look for a patch or give it to the nearest recycling plant and head out to buy something better. It was a freebie with the contract, though they don't prohibit custom hardware. Well, you know, it's paid for, but all the same they won't refund its cost.

Thank you for the pointer in the right direction.



________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of bind-users-request at lists.isc.org <bind-users-request at lists.isc.org>
Sent: 26 May 2017 00:47
To: bind-users at lists.isc.org
Subject: bind-users Digest, Vol 2657, Issue 2

Send bind-users mailing list submissions to
        bind-users at lists.isc.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/bind-users
or, via email, send a message with subject or body 'help' to
        bind-users-request at lists.isc.org

You can reach the person managing the list at
        bind-users-owner at lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of bind-users digest..."


Today's Topics:

   1. Weird issue with bind & router (Chris Serella)
   2. Re: Weird issue with bind & router (John W. Blue)
   3. Re: Weird issue with bind & router (Mark Andrews)
   4. RE: Weird issue with bind & router (Darcy Kevin (FCA))


----------------------------------------------------------------------

Message: 1
Date: Thu, 25 May 2017 14:23:36 +0000
From: Chris Serella <serella_c at hotmail.com>
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Weird issue with bind & router
Message-ID:
        <DB6P192MB0199E626F4DE82FE18E016F693FF0 at DB6P192MB0199.EURP192.PROD.OUTLOOK.COM>

Content-Type: text/plain; charset="iso-8859-1"

I run a small dev system on my home network, housing DNS etc. all under the one server.

System: Ubuntu 16.04 server, ISPConfig etc etc etc, you get the idea.

Anyway, the problem I am having comes down to the router rebooting (is it crashing? I can't tell) every time bind starts/restarts. This ordinarily wouldn't be an issue, DNS rarely changes so the service does not need restarting, but the problem occurs on system boot too.

The router in question is a Plusnet Hub One which I believe is actually a repackaged BT Hub 5. The "server" is an ACER AX3300 desktop with Ubuntu server installed.

Troubleshooting was difficult as I couldn't isolate what it was until I went over to ISPConfig for assistance; they informed me that a DNS reload on their software simply saves data to files and initiates a service restart.

With this information to hand I made no changes to the DNS in ISPConfig; instead I opened a terminal, tunnelled into the server and issued a bind9 restart from there.

Sure enough the problem reared its ugly little head. The SSH session dropped out and, looking over to the router, I could see it was going through its power cycle. To be sure this wasn't some freakishly well timed coincidence, I completed the steps several times more (3), all with the same result.

------------------------------

Message: 2
Date: Thu, 25 May 2017 14:47:48 +0000
From: "John W. Blue" <john.blue at rrcic.com>
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Re: Weird issue with bind & router
Message-ID: <8c799e52-3a3d-46b9-9f31-8df4e3b1d204 at rrcic.com>
Content-Type: text/plain; charset="iso-8859-1"

Chris,

First, what a strange problem to have.

You really need to spend some time capturing the traffic placed on the wire via tcpdump and then slicing it up for clues with wireshark.

If you set a continuous ping to the router that would be a good timestamp that you can use to correlate as a marker.  When it stops responding look at all of the other traffic around that time.

I doubt that it will be BIND but stranger things have happened before!

Good luck.

John


------------------------------

Message: 3
Date: Fri, 26 May 2017 08:01:45 +1000
From: Mark Andrews <marka at isc.org>
To: "John W. Blue" <john.blue at rrcic.com>
Cc: "bind-users at lists.isc.org" <bind-users at isc.org>
Subject: Re: Weird issue with bind & router
Message-ID: <20170525220145.DBB4979B1F74 at rock.dv.isc.org>


Even home routers sometimes try to police DNS traffic and I would
expect there is a bug in the code doing that.

As this is an ISP-supplied router (if my Google Foo is accurate)
report the fault to the ISP.  It is their job to fix it.

If it wasn't an ISP-supplied router, update the router firmware and
see if the problem goes away.  If that doesn't work, try to report
the bug to the router manufacturer.  If you can't do that, return the
router requesting a full refund as it is not fit for purpose.

Suppliers and manufacturers need to get some pushback on broken products.

Mark

In message <8c799e52-3a3d-46b9-9f31-8df4e3b1d204 at rrcic.com>, "John W. Blue" writes:
> Chris,
>
> First, what a strange problem to have.
>
> You really need to spend some time capturing the traffic placed on the wire
> via tcpdump and then slicing it up for clues with wireshark.
>
> If you set a continuous ping to the router that would be a good timestamp
> that you can use to correlate as a marker.  When it stops responding look at
> all of the other traffic around that time.
>
> I doubt that it will be BIND but stranger things have happened before!
>
> Good luck.
>
> John
>
>
> From: Chris Serella <serella_c at hotmail.com>
> Sent: May 25, 2017 9:24 AM
> To: bind-users at lists.isc.org
> Subject: Weird issue with bind & router
>
>
> I run a small dev system on my home network, housing DNS etc. all under the
> one server.
>
> System: Ubuntu 16.04 server, ISPConfig etc etc etc, you get the idea.
>
> Anyway, the problem I am having comes down to the router rebooting (is it
> crashing? I can't tell) every time bind starts/restarts. This ordinarily
> wouldn't be an issue, DNS rarely changes so the service does not need
> restarting, but the problem occurs on system boot too.
>
> The router in question is a Plusnet Hub One which I believe is actually a
> repackaged BT Hub 5. The "server" is an ACER AX3300 desktop with Ubuntu
> server installed.
>
> Troubleshooting was difficult as I couldn't isolate what it was until I went
> over to ISPConfig for assistance; they informed me that a DNS reload on
> their software simply saves data to files and initiates a service restart.
>
> With this information to hand I made no changes to the DNS in ISPConfig;
> instead I opened a terminal, tunnelled into the server and issued a bind9
> restart from there.
>
> Sure enough the problem reared its ugly little head. The SSH session dropped
> out and, looking over to the router, I could see it was going through its
> power cycle. To be sure this wasn't some freakishly well timed coincidence,
> I completed the steps several times more (3), all with the same result.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


------------------------------

Message: 4
Date: Thu, 25 May 2017 23:47:34 +0000
From: "Darcy Kevin (FCA)" <kevin.darcy at fcagroup.com>
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: RE: Weird issue with bind & router
Message-ID: <e049874021a24ef2be274e35709a2077 at mxph4chrw.fgremc.it>
Content-Type: text/plain; charset="us-ascii"

As far as I know, the only "special" thing that BIND does consistently on a restart, that it doesn't do on a regular basis in normal operation, is a "priming" query to whatever is configured as root nameservers. I suppose it's _possible_ that there is something about priming queries, particularly, that exercises a codepath in the router, with a horrible bug in it. This is - as Mark speculated - much more likely if the router is trying to do something "smart" with your DNS, e.g. intrusion detection/prevention, reputation-based blacklisting, something like that. I'd look at the router config and see if you can turn any feature(s) like that *off*.

Failing that, if priming queries are the culprit, it should be fairly easy to reproduce the scenario, since one can issue identical-looking queries to the same root-nameserver destinations (the main difference between these and other command-line-generated queries would consist of making them non-recursive). If you can reproduce the issue at will, maybe the router manufacturer would actually listen to your trouble report.

Putting on my InfoSec paranoia hat for a second, if it's the *responses* to the priming queries that are causing the router to go belly-up, then this is a scary prospect indeed, since it raises the possibility that evildoers could send *spoofed* responses like that, to routers of that make/model, and this would be a powerful Denial of Service attack.

- Kevin
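
An added example (not part of Kevin's message and not BIND's own code) of the reproduction he describes: it builds a priming-style query (QNAME ".", QTYPE NS, RD clear, EDNS0) and sends it to a root server, so the router's reaction can be observed without restarting BIND. The 198.41.0.4 address (a.root-servers.net), the 4096-byte EDNS size and the DO bit are assumptions; match them to what your capture shows BIND actually sending.

```python
import secrets
import socket
import struct

A_ROOT = "198.41.0.4"  # a.root-servers.net (assumption: use any address from your root hints)

def build_priming_query(txid: int, dnssec_ok: bool = True, udp_size: int = 4096) -> bytes:
    """Wire-format 'NS .' query with RD clear, the shape RFC 8109 describes for priming."""
    flags = 0x0000  # QR=0, opcode QUERY, RD=0 (non-recursive)
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 1)  # 1 question, 1 additional (OPT)
    question = b"\x00" + struct.pack("!HH", 2, 1)  # QNAME=root, QTYPE=NS, QCLASS=IN
    # EDNS0 OPT pseudo-RR: root owner, TYPE=41, CLASS=UDP size, TTL carries the DO flag
    opt_ttl = 0x00008000 if dnssec_ok else 0
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, opt_ttl, 0)
    return header + question + opt

def describe(packet: bytes) -> dict:
    """Decode the fields to compare with a capture (handles root-QNAME queries only)."""
    _txid, flags, _qd, _an, _ns, arcount = struct.unpack("!6H", packet[:12])
    qtype, qclass = struct.unpack("!HH", packet[13:17])
    info = {"rd": bool(flags & 0x0100), "root_qname": packet[12] == 0,
            "qtype": qtype, "qclass": qclass, "edns": False, "do": False}
    if arcount == 1 and len(packet) >= 28:
        otype, size, ttl, _rdlen = struct.unpack("!HHIH", packet[18:28])
        info.update(edns=(otype == 41), udp_size=size, do=bool(ttl & 0x8000))
    return info

def send_query(server: str = A_ROOT, timeout: float = 3.0) -> int:
    """Send one priming-style query over UDP; return the size of the reply in bytes."""
    query = build_priming_query(secrets.randbits(16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        reply, _addr = sock.recvfrom(4096)
    return len(reply)

if __name__ == "__main__":
    print(describe(build_priming_query(0x1234)))
    print("reply bytes:", send_query())
```

Run it from the server behind the router while the continuous ping and tcpdump capture suggested earlier in the thread are running, so any router reset can be tied to the exact packet.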




------------------------------

Subject: Digest Footer

_______________________________________________
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

------------------------------

End of bind-users Digest, Vol 2657, Issue 2
*******************************************