<div dir="auto">127.anything is valid on the loopback interface as it is a /8. You will have to add addresses as aliases, but that is easy. Read the man pages first and check what addresses already exist on lo0. Ubuntu must have gotten 127.0.0.53 from somewhere.<div dir="auto">Get tcpdump and Wireshark working so you can see what's actually happening. <br><div dir="auto">Work on and fix resolution on the Ubuntu server first, then move to Windows. </div><div dir="auto"><br></div><div dir="auto">As for "search???" In resolv.conf, personally I don't like it. DNS works on FQDNs and IMHO applications should ask for these every time, making search unnecessary. I know that others on this list would disagree with me, but that's just my 2p.</div><div dir="auto"><br></div><div dir="auto">Cheers, Greg. </div></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Sat, 10 May 2025, 13:43 , <<a href="mailto:bind9@clearviz.biz">bind9@clearviz.biz</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="font-size:10pt;font-family:Verdana,Geneva,sans-serif">
<p id="m_5365720856653534982reply-intro">On 2025-05-10 02:03, Greg Choules wrote:</p>
<blockquote type="cite" style="padding:0 0.4em;border-left:#1010ff 2px solid;margin:0">
<div id="m_5365720856653534982replybody1">
<div dir="ltr">
<div>@Danilo you are correct, the contents of /etc/resolv.conf are not set by BIND and BIND itself does not use them. But all applications running on that machine (including dig, unless you specify @<address>) that want some kind of name resolution will make OS system calls and then the OS *will* use what's in resolv.conf to determine where to send DNS queries on behalf of the application.</div>
<div> </div>
<div><span style="color:#236fa1"><strong>Therefore, I will change resolv.conf to replace the current IP with the IP of the server machine itself and, perhaps, Localhost itself (127.0.0.1). I never created resolv.conf and have no idea how it got created. It's weird because "/etc/resolv.conf" is actally a symlink to /run/systemd/resolve/stub-resolv.conf"... the file I need to change. </strong></span> </div>
<div> </div>
<div><a id="m_5365720856653534982v1m_-3584889387570202840m_-8546348764678926612m_-8923773910631277157m_3652235534243046094plusReplyChip-1" rel="noreferrer"></a>In the very first mail, bind9 said that the BIND config contains this:</div>
<div>
<pre> listen-on port 53 { 123.123.123.10; 127.0.0.1; }; <span style="color:#236fa1"><strong>Correct</strong></span></pre>
At startup, the named process will tell the OS to send it packets that have those destination addresses AND destination port 53. All fine so far.</div>
<div> </div>
<div>However, bind9 also said this:</div>
<div>
<p><span style="color:#843fa1"><strong>The resolv.conf file contains:</strong></span></p>
<p><span style="color:#843fa1"><strong> nameserver 127.0.0.53</strong></span></p>
Confining things to the Ubuntu box for now, this tells the OS to make DNS queries to 127.0.0.53 - the 53 is *not* the port number, it is the 4th octet of the IPV4 address.</div>
<div>So the OS sends queries to 127.0.0.53 and named is listening on 127.0.0.1. I think you can see that this isn't going to work.</div>
<div> </div>
<div><span style="color:#236fa1"><strong>I will change that immediately. I will make that entry the same IP as my server machine itself. Do I need a "search" entry for the name server as well? And if yes, should it be just the domain name or the FQDN of the server machine? </strong></span></div>
<div> </div>
<div>I don't know why resolv.conf contains that nameserver address (and it is an address, not a name - read the man page for resolv.conf), but the easiest solution would be to add that address to the set that named is listening on. i.e.</div>
<div>
<pre> listen-on port 53 { 123.123.123.10; 127.0.0.1; 127.0.0.53;};<br><br><span style="color:#236fa1"><strong>The 127.0.0.53 addr is invalid for any form of listening. I will eliminate any reference to it. I will use only the server machine's IP and the loopback. </strong></span> <br><br></pre>
You will need to stop/edit/start named for this change to take effect.</div>
<div> </div>
<div><span style="color:#236fa1"><strong>I usually do "<span style="color:#000000">systemctl restart named</span>".</strong></span> </div>
<div> </div>
<div>This should fix your issues with apt and other applications running on the Ubuntu server.</div>
<div>I agree that you should not be using <a href="http://123.123.123.0/24" rel="noopener noreferrer noreferrer" target="_blank">123.123.123.0/24</a>. Please read RFC1918 for guidance on private addressing.</div>
<div> </div>
<div><span style="color:#236fa1"><strong>Again, <a href="http://123.123.123.0/24" target="_blank" rel="noreferrer">123.123.123.0/24</a> is not the actual subnet address. It's just a place holder in the named.conf.options file to mask the real subnet address. For security reasons, I do not publish the actual internal subnet address. But rest assured, the real subnet address definitely falls within the correct publishing guidelines (i.e. 19*) for the head octet. </strong></span></div>
<div> </div>
<div>
<div>tcpdump has a lot of options. For capturing DNS traffic to disk I would suggest this as a first pass:</div>
<div> </div>
<div style="margin-left:40px">sudo tcpdump -c 1000 -n -i all -w <filename> port 53</div>
<div> </div>
<div>This captures all port 53 traffic on any interface (including the loopback), stops after 1000 packets (if you don't stop it yourself with ctrl-C), writes binary capture data to the file <filename> (you choose whatever name you like) and tells tcpdump to *not* attempt to resolve addresses to names. This may be irrelevant since it is capturing to disk but doesn't hurt.</div>
<div> </div>
<div><span style="color:#236fa1"><strong>Thanks much! This will help quite a bit.</strong></span></div>
<div> </div>
</div>
<div>Over to the Windows machine now. You will not have dig by default. BIND for Windows (including utilities like dig) hasn't existed for several years. It is still available to download but I *don't* recommend you install it.</div>
<div> </div>
<div><span style="color:#236fa1"><strong>I won't. Not worth it. nslookup seems to be working well enough. And, as stated below, I'll get Wireshark installed.</strong></span> </div>
<div> </div>
<div>Windows nslookup is actually not bad for making test queries, especially if used in interactive mode. Again, read the help to see what options it has.</div>
<div> </div>
<div><span style="color:#236fa1"><strong>Precisely. </strong></span></div>
<div> </div>
Wireshark can be downloaded and installed for free and I recommend that you do that on the Windows machine, so that when you have captured traffic on the Ubuntu server, once you have copied the capture file to Windows you can open it in Wireshark there. Wireshark can also capture packets, like tcpdump, so you can use it to see exactly what your Windows machine is doing with DNS.</div>
<div dir="ltr">
<div> </div>
<div><span style="color:#236fa1"><strong>I'll go ahead and do it. I might actually have it already for install on Windows, but I'll check for the most current version.</strong></span></div>
<div> </div>
<div>Hopefully this lot gives you some things to try and also to read, to understand the behaviour you are seeing.</div>
<div>Cheers, Greg</div>
<div> </div>
<div><span style="color:#236fa1"><strong>Thanks much again!</strong></span></div>
<div><a id="m_5365720856653534982v1m_-3584889387570202840m_-8546348764678926612m_-8923773910631277157m_3652235534243046094plusReplyChip-1" rel="noreferrer"></a></div>
</div>
<br>
<div>
<div dir="ltr">On Sat, 10 May 2025 at 06:01, Danilo Godec via bind-users <<a href="mailto:bind-users@lists.isc.org" rel="noreferrer noreferrer" target="_blank">bind-users@lists.isc.org</a>> wrote:</div>
<blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid #cccccc;padding-left:1ex">
<div>
<div>On 10.05.2025 05:29, <a href="mailto:bind9@clearviz.biz" rel="noreferrer noreferrer" target="_blank">bind9@clearviz.biz</a> wrote:</div>
<blockquote type="cite" style="padding:0 0.4em;border-left:#1010ff 2px solid;margin:0">
<p>>Also check /etc/resolv.conf and see what address(es) is/are listed as nameservers.</p>
<p><span style="color:#236fa1"><strong>The resolv.conf file contains:</strong></span></p>
<p><span style="color:#236fa1"><strong> nameserver 127.0.0.53</strong></span></p>
<p><span style="color:#236fa1"><strong> search <a href="http://mydomain.net" rel="noopener noreferrer noreferrer" target="_blank">mydomain.net</a> (where mydomain is my actual domain name and not the FQDN of the machine (i.e. "<a href="http://machine01.mydomain.net" rel="noopener noreferrer noreferrer" target="_blank">machine01.mydomain.net</a>")). </strong></span></p>
<p><span style="color:#236fa1"><strong>This was entered by default as BIND was installed. I am wondering if the "namesever" should be the machine name on which the server is running and not 127.0.0.53 And I gather the 53 on the end has to do with the port on which it's listening. I'm not sure if it's correct that the 4th octet is substituted like that. <br></strong></span></p>
</blockquote>
<p>/etc/resolv.conf is not changed or set by BIND, as far as I know it's got nothing to do with BIND at all.</p>
<p>IIRC Ubuntu is using 'systemd-resolved' (a local resolver with cache) and 127.0.0.53 is the address it listens on, so you might need to check that with 'resolvectl dns'.</p>
<p>Then check what is listening on port 53 (netstat -anp | egrep ":53.*LISTEN") on the server. </p>
<p>And also check what DNS servers your DHCP sets.</p>
<p><br></p>
<p> Danilo</p>
<p><br></p>
<div>
<div> </div>
</div>
</div>
-- <br>Visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noopener noreferrer noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br><br>ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noopener noreferrer noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br><br><br>bind-users mailing list<br><a href="mailto:bind-users@lists.isc.org" rel="noreferrer noreferrer" target="_blank">bind-users@lists.isc.org</a><br><a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noopener noreferrer noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a></blockquote>
</div>
</div>
</blockquote>
<p><br></p>
</div>
</blockquote></div>