Trouble with L5 networking

antonis · March 30, 2023, 8:32am

Still no luck. No matter what IP I use it says the same:

dnsmasq[910830]: failed to create listening socket for 10.55.0.1: Address already in use
dnsmasq[910830]: FAILED to start up

I tried netstat -ptuwnl there is no range starting with 10.
However I found entries such as
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 744/sshd: /usr/bin/

what is this 0.0.0.0 ?

antonis · March 30, 2023, 8:35am

I did install masterpdfeditor free edition because I needed to do some serious pdf editing. The install script adds
0.0.0.0 get.code-industry.net
to /etc/hosts

First this is very strange. Then I do not know if it relates to anything…

antonis · March 30, 2023, 8:56am

Got it!
We had a name services breakdown in the University since they keep this service on a Windows machine () and it got viruses (no news…). So I started bind to have access to the network for myself. This was a month ago. Bind kept running and causes this issue with L5.

How can I configure bind to not listen to the 10.XX range? I do not trust Windows and I may need again to have bind active.

irvinewade · March 30, 2023, 10:01am

When a service binds to listen on 0.0.0.0 it means that it is bound to the “any” address, which means that it will accept an inbound connection to any IP address that is currently assigned to the host that it is running on.

Similarly when a client binds its local port to 0.0.0.0 it means that the operating system will choose which of the local IP addresses is used.

That’s strange. This will cause a connection to that hostname to fail.

It is quite common to “blackhole” a domain by resolving the domain name to the IP address 0.0.0.0 e.g. if running PiHole to block google spying (but you can get the same effect by putting the domain name in /etc/hosts with the address 0.0.0.0).

(So you can see that 0.0.0.0 has a completely different effect depending on whether it is used by a local server, a local client or as the remote server.)

Well for a start you have to tell us which exact DNS resolver you are using. If you mean literally the bind package (which would actually be bind9 or some other version number) then unfortunately I am not using it and don’t have it installed and hence don’t have ready access to the man page. Do you have the bind9-doc package installed?

Maybe some light reading here: https://blyx.com/public/docs/bind9_isc_official.pdf

If your Manjaro PC only has one network interface (e.g. ethernet) and (likely) a given interface only has one IP address then you just want to listen on the IP address of that interface - rather than listening on the “any” IP address (0.0.0.0). And/Or it may also work to listen on the localhost IP address only (127.0.0.1), depending on exactly what you are doing with this server. Is it genuinely a DNS server to the local network or is it actually only responding to queries initiated on the PC itself?

Looks like you want options listen-on … (with appropriate syntax, refer section 6.2.14.4). You can have more than one listen-on if you need it. The point is to cover all the interfaces that you do want and not just say “any” interface (which is the default).

Things would be at the more complicated end of the spectrum if you also have WiFi on the PC and/or you routinely plug in other networking devices.

And of course make a copy first of whatever config file you are about to hack away at.

antonis · March 30, 2023, 10:08am

Thanks @irvinewade for the information. Yes it is bind9 I am now configuring /etc/named.conf to make it listen only to my external IP.

So I think all this was interesting, because bind9 has a default configuration to “any” (at least on Manjaro) and this blocks usb network sharing as needed by L5. Good to know!

irvinewade · March 30, 2023, 10:12am

… which is actually good if interfaces are dynamic i.e. new networking devices appear and disappear. (This is unlikely to be the case on a real DNS server but could apply to an end-user device which happens to be running its own DNS server.)

It’s also good for boot synchronisation i.e. service can come up without regard to which interfaces exist and have IP addresses (bearing in mind that it can take a long time for an interface to get an IP address if the interface is relying on DHCP, but a real DNS server is more likely to have a static IP address).

antonis · March 30, 2023, 11:11am

You are correct about dynamic IPs. But since you explained to me what 0.0.0.0 means then the best solution seems to be these lines in /etc/named.conf

       listen-on { !10.88.0.0/24; 
                   0.0.0.0/0;
};

and
systemctl restart named

The above seems to work fine here.

dcz · March 31, 2023, 6:21am

Name services and DHCP are separate things. If you configured bind to run a DHCP server on the “all” interface, then you might be breaking any network to which you connect by sending out rogue addresses. Not a great idea, better limit the service to what you need it to do.

irvinewade · March 31, 2023, 6:28am

I don’t think the bind9 package has DHCP server functionality. The problem may be that if you randomly start dnsmasq then it has both DNS and DHCP - and so it can conflict with another DNS server even though only the DHCP part of dnsmasq is needed.