Installer breaks DNS and fails on name resolution

Help with Unusual Circumstances
22

Does this mean something is wrong on ISP’s side? What it could be? DNS on this machine was working just fine, before I started the setup.

I think this comes from bind.
local domain redacted to “subdomain.example.com

Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving './NS/IN': 193.0.14.129#53
Jul  9 18:07:34 miab named[1040]: resolver priming query complete
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/AAAA/IN': 202.12.27.33#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/A/IN': 193.0.14.129#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/AAAA/IN': 193.0.14.129#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 192.228.79.201#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 192.228.79.201#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 192.33.4.12#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 192.33.4.12#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 199.7.83.42#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 199.7.83.42#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 192.58.128.30#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 192.58.128.30#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 192.36.148.17#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 192.36.148.17#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 198.97.190.53#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 198.97.190.53#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 192.112.36.4#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 192.112.36.4#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 199.7.91.13#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 199.7.91.13#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 192.203.230.10#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 192.203.230.10#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 198.41.0.4#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 198.41.0.4#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 193.0.14.129#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 193.0.14.129#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 192.5.5.241#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 192.5.5.241#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 202.12.27.33#53
Jul  9 18:07:34 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 202.12.27.33#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving './NS/IN': 192.228.79.201#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/AAAA/IN': 192.228.79.201#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/A/IN': 192.228.79.201#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving './NS/IN': 198.97.190.53#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/AAAA/IN': 198.97.190.53#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/A/IN': 198.97.190.53#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving './NS/IN': 192.33.4.12#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/AAAA/IN': 192.33.4.12#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/A/IN': 192.33.4.12#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/AAAA/IN': 192.36.148.17#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving './NS/IN': 192.36.148.17#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/A/IN': 192.36.148.17#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving './NS/IN': 192.112.36.4#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/AAAA/IN': 192.112.36.4#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/A/IN': 192.112.36.4#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/AAAA/IN': 192.58.128.30#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving './NS/IN': 192.58.128.30#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/A/IN': 192.58.128.30#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving './NS/IN': 199.7.83.42#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/AAAA/IN': 199.7.83.42#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/A/IN': 199.7.83.42#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving './NS/IN': 199.7.91.13#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/AAAA/IN': 199.7.91.13#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/A/IN': 199.7.91.13#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving './NS/IN': 192.203.230.10#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/AAAA/IN': 192.203.230.10#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/A/IN': 192.203.230.10#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving './NS/IN': 198.41.0.4#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/AAAA/IN': 198.41.0.4#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/A/IN': 198.41.0.4#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving './NS/IN': 193.0.14.129#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/AAAA/IN': 193.0.14.129#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/A/IN': 193.0.14.129#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving './NS/IN': 192.5.5.241#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/AAAA/IN': 192.5.5.241#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/A/IN': 192.5.5.241#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving './NS/IN': 202.12.27.33#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/AAAA/IN': 202.12.27.33#53
Jul  9 18:08:04 miab named[1040]: resolver priming query complete
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com/A/IN': 202.12.27.33#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 198.41.0.4#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 198.41.0.4#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 192.5.5.241#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 192.5.5.241#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 192.112.36.4#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 192.112.36.4#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 192.203.230.10#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 192.203.230.10#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 192.58.128.30#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 192.58.128.30#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 192.33.4.12#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 192.33.4.12#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 198.97.190.53#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 198.97.190.53#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 193.0.14.129#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 193.0.14.129#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 199.7.83.42#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 199.7.83.42#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 192.36.148.17#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 192.36.148.17#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 199.7.91.13#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 199.7.91.13#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 202.12.27.33#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/A/IN': 202.12.27.33#53
Jul  9 18:08:04 miab named[1040]: REFUSED unexpected RCODE resolving 'ntp.ubuntu.com.subdomain.example.com/AAAA/IN': 192.228.79.201#53
1 Like
23

I’m just guessing. However, what I’m not guessing about is this is the first time I can recall seeing this posted to the forum, though I haven’t searched for some past post about it.

If this were a problem with the project, then the forum, the Slack channel, and the GitHub issues would be full of people with a show-stopper like this.

Did you try the suggestion about changing named.conf.options?

1 Like
24

Sure! Must be something specific to something! :slight_smile: Since the install is standard, must be something on the network, definetely.

Yes, Changed the file as sugested (any to ::1) but result is the same.

Do, at this point, DNS records for my domain matter?

25

If dig isn’t finding archive.ubuntu.com, something is going on related to networking or the server. That is why I would ask the ISP.

1 Like
26

Sure, but it was able to find it before I started the setup, so I was assuming DNS got broken on the machine itself, as nothing past it changed. If I do clean install of Ubuntu, resolution will work until I run the setup and in works on every other machine on the network as well.

So, I am wondering, what had changed after setup?

1 Like
27

In the event there are no further suggestion here, I would ask the ISP what they expect for networking, then come back post what they say, because there are >20,000 installs of MiaB and this is the first time I’ve heard of this, so my first guess is your ISP is requiring something that the project maintainers did not account for, but maybe someone else will post, because I’m out of ideas here.

1 Like
28

Ok, so it seems the bind9 server is responding, but is unable to resolve domains like archive.ubuntu.com
Maybe you already said it, but where and what are you installing this on?

1 Like
29

It’s freshly installed Ubuntu on VM, at home. Actually, I have tried two different hosts at two different locations. However, both locations have same ISP and network setup is pretty much the same, with OpenWRT based router in between. At one location, I am currently running Mailcow.

Normally, the router serves as a DNS server in my network and it works for all the other devices connected. At one location router runs Knot resolver while other runs Unbound.

1 Like
30

MiaB is developed with the assumption that it is running in a hosted VPS networking environment.

1 Like
31

Hey @Patrik I hay the same problem.

Is it possible your server provider is also managing the firewall? ALL WORKED after I allowed incoming ports 32768-65535 for UDP protocol.

Can somebody confirm this is the case?

1 Like
32

Well if you find someone (ISP) that is willing to set-up/create reverse DNS (rDNS) as a PTR-record and therefore Static IP address as well then you can run it at home/work.

I have one MIAB at home and I have no problems with it running few years now, I block on firewall level all requests to AWZ and RoundCube did not update before, but during past few upgrades of my MIAB @home it updated so maybe I need check my firewall rules for my AWZ IP’s to block :wink:

1 Like
33

I had the same thing happen. Essentially a vanilla Ubuntu 22.04 install. The installer installed bind and configured the local resolver to point to the localhost. All good, except bind was failing. The installer broke because it could no longer resolve DNS to pull more packages, etc. Restarting named didn’t fix anything.

TL;DR: I think the problem was related to dnssec-validation. I don’t know enough about dnssec to know what the RIGHT solution was, but what I did was change /etc/bind/named.conf.options - I twiddled dnssec-validation off and restarted named. That allowed bind to start working. I was then able to switch dnssec-validation back to “auto.” Hopefully things will continue to work from here on. (Hopefully bootstrapping a chicken-vs-egg problem.)

What I saw in the syslog output prior to fixing things:

Nov 27 09:48:45 box named[32595]: validating ./NS: no valid signature found
Nov 27 09:48:45 box named[32595]: no valid RRSIG resolving './NS/IN': 192.203.230.10#53
Nov 27 09:48:45 box named[32595]: managed-keys-zone: DNSKEY set for zone '.' could not be verified with current keys
Nov 27 09:48:45 box named[32595]: zone localhost/IN: loaded serial 2
Nov 27 09:48:45 box named[32595]: all zones loaded
Nov 27 09:48:45 box systemd[1]: Started BIND Domain Name Server.
Nov 27 09:48:45 box named[32595]: running
Nov 27 09:48:45 box named[32595]: validating ./NS: no valid signature found
Nov 27 09:48:45 box named[32595]: no valid RRSIG resolving './NS/IN': 192.36.148.17#53
Nov 27 09:48:45 box named[32595]: managed-keys-zone: DNSKEY set for zone '.' could not be verified with current keys
Nov 27 09:48:45 box named[32595]: validating ./NS: no valid signature found
Nov 27 09:48:45 box named[32595]: no valid RRSIG resolving './NS/IN': 199.7.91.13#53
Nov 27 09:48:45 box named[32595]: validating ./NS: no valid signature found
[...]

I’d love to know what the Right way to have fixed this was, but hopefully that helps someone who runs into the same problem.

1 Like