I was playing a little with bind9 today. My goal was to resolve intranet and global domain names through one server that would be inside the openvpn intranet.
I configured all the necessary zones, and all was working fine directly from the server (which is the server for both openvpn and bind9). After setting the clients' DNS to the vpn/bind server, a problem occurred: I was not able to resolve any domain name (neither intranet nor internet) from any of the machines connected to the vpn network.
In the /var/log/syslog I was getting
named[xxxx]: client 10.12.12.3#53461 query 'some.domain.name/A/IN' denied
Long story short, if you encounter such a problem, there is one simple solution. In your bind/named configuration (it will probably be /etc/bind/named.conf.options) set the following:
listen-on { any; };
allow-query { any; };
Of course, you can replace "any" with a specific IP address or network (for example, the VPN subnet) instead of answering everyone who can reach the server.
The funny thing is that "any" should be the default value for both options. It wasn't for me.
Make sure your VPN is set up before bind starts (at least the interface), or BIND will not listen on it.
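Added example, not the original post's configuration: a named.conf.options fragment that keeps the fix working but narrows it. With listen-on { any; } and allow-query { any; } on a host that also has a public address, the server becomes an open resolver for the whole internet, which is the classic source for DNS amplification abuse. The tunnel subnet 10.12.12.0/24 and the server-side tun0 address 10.12.12.1 are assumptions derived from the client address 10.12.12.3 in the log line above; the directory line is Debian's stock value.

```conf
// Added example; adjust the addresses to your own tunnel subnet.
// Assumed: VPN clients live in 10.12.12.0/24, server tun0 is 10.12.12.1.
acl "vpn" { 10.12.12.0/24; 127.0.0.1; };

options {
    directory "/var/cache/bind";

    // The quick fix from the post (works, but answers anyone who can reach the box):
    // listen-on { any; };
    // allow-query { any; };

    // Narrowed version: bind only to loopback and the tunnel address,
    // and answer only VPN clients. Listing 10.12.12.1 explicitly means
    // named logs an error at startup if tun0 is not up yet, which makes
    // the "VPN before bind" ordering problem visible instead of silent.
    listen-on { 127.0.0.1; 10.12.12.1; };
    listen-on-v6 { none; };
    allow-query { vpn; };

    // VPN clients need recursion for internet names. BIND's default
    // allow-recursion is localnets and localhost; naming the ACL explicitly
    // avoids depending on which interfaces existed when named started.
    recursion yes;
    allow-recursion { vpn; };

    // Re-scan interfaces every 10 minutes (default is 60) so a tunnel that
    // comes up after startup is picked up without a restart. Newer BIND
    // releases on Linux also detect new interfaces automatically.
    interface-interval 10;
};
```

After editing, run named-checkconf to catch syntax mistakes before restarting, then confirm what named actually bound with ss -lntup (or netstat, as in the comment below): both TCP and UDP 53 should appear on 10.12.12.1 and 127.0.0.1 and nothing else. A client query that is still rejected shows up in syslog as the same "query ... denied" line, so that log is the quickest check that the ACL matches the tunnel subnet. On systemd hosts, a drop-in for the BIND unit with an After= line naming the OpenVPN unit (unit names vary by distribution and are not given in the post) is the cleaner way to enforce the startup ordering mentioned above.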
Thank you!
Using netstat, I noticed that the tun0 interface is now listening on UDP:53 too. Before, it was only on TCP:53.