bind9 inside of openvpn

December 22nd, 2009 by Michał Bielecki Leave a reply »

I was playing today a little with bind9. My goal was to resolve intranet and global domain names through one server that would be inside of openvpn intranet.

I configured all the necessary zones, and all was working fine directly from server (that is a server for both openvpn and bind9). After setting up the DNS to be vpn/bind server a  problem occured – I was not able to  resolve any domain name (neither intranet nor internet), from none of machines that were connected to vpn network.

In the /var/log/syslog I was getting

named[xxxx]: client query ’’ denied

Long story short, if you encounter such problem there is one simple solution. In your bind/named configuration (it will probably be /etc/bind/named.conf.options) set up following:

listen-on { any; };
allow-query { any; };

Of course you can switch “any” to any other IP address.

Funny thing is that “any” should be the default values for both options. It was’t for me.



  1. Br0th3r says:

    Make sure you VPN is setted up before bind starts, at least the interface or BIND will not listen on it.

  2. dajul says:

    Thank you!

    Using netstat, I noticed now tun0 interface is listening on UDP:53 too. Before it was only on TCP:53

Leave a Reply