We had a name services breakdown in the University since they keep this service on a Windows machine and it got viruses (no news…). So I started bind to have access to the network for myself. This was a month ago. Bind kept running and causes this issue with L5.
How can I configure bind to not listen to the 10.XX range? I do not trust Windows and I may need again to have bind active.
When a service binds to listen on 0.0.0.0 it means that it is bound to the “any” address, which means that it will accept an inbound connection to any IP address that is currently assigned to the host that it is running on.
Similarly when a client binds its local port to 0.0.0.0 it means that the operating system will choose which of the local IP addresses is used.
That’s strange. This will cause a connection to that hostname to fail.
It is quite common to “blackhole” a domain by resolving the domain name to the IP address 0.0.0.0 e.g. if running PiHole to block google spying (but you can get the same effect by putting the domain name in /etc/hosts with the address 0.0.0.0).
(So you can see that 0.0.0.0 has a completely different effect depending on whether it is used by a local server, a local client or as the remote server.)
Well, for a start you have to tell us which exact DNS resolver you are using. If you mean literally the bind package (which would actually be bind9 or some other version number) then unfortunately I am not using it and don’t have it installed and hence don’t have ready access to the man page. Do you have the bind9-doc package installed?
If your Manjaro PC only has one network interface (e.g. ethernet) and (likely) a given interface only has one IP address then you just want to listen on the IP address of that interface - rather than listening on the “any” IP address (0.0.0.0). And/Or it may also work to listen on the localhost IP address only (127.0.0.1), depending on exactly what you are doing with this server. Is it genuinely a DNS server to the local network or is it actually only responding to queries initiated on the PC itself?
Looks like you want options / listen-on … (with appropriate syntax, refer to section 188.8.131.52). You can have more than one listen-on if you need it. The point is to cover all the interfaces that you do want and not just say “any” interface (which is the default).
Things would be at the more complicated end of the spectrum if you also have WiFi on the PC and/or you routinely plug in other networking devices.
And of course make a copy first of whatever config file you are about to hack away at.
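As an added worked example (not posted by anyone in this thread, and not taken from the bind9 documentation), here is what the options block of a named.conf could look like for the single-NIC case described above. The interface address 192.0.2.10 and the path /var/named are assumptions for illustration; the 10.0.0.0/8 range stands in for the original poster’s “10.XX” campus network.

```conf
// Added example, not from the thread. Assumed: the PC's only NIC has the
// address 192.0.2.10 and the untrusted campus range is 10.0.0.0/8.
options {
    directory "/var/named";

    // The default. Equivalent to binding to 0.0.0.0: named answers on every
    // address the host has, including any 10.x address it picks up later.
    // listen-on port 53 { any; };

    // Option 1: a purely local resolver. Nothing on the LAN can reach it,
    // and it keeps working when interfaces come and go. Set the IPv6
    // listener too; it is controlled separately from the IPv4 one.
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };

    // Option 2 (use instead of option 1): serve other hosts, but never on
    // the campus range. Address match lists are evaluated first match wins
    // and a leading "!" negates, so the exclusion must precede "any".
    // listen-on port 53 { !10.0.0.0/8; any; };

    // Independently of where named listens, only answer and recurse for
    // clients you trust. Widen these deliberately if the LAN needs service.
    allow-query     { localhost; };
    allow-recursion { localhost; };
    recursion yes;
};
```

After editing, run named-checkconf on the file before restarting the service, then check with ss -lntup (or netstat -lntup) that port 53 is bound only to the addresses you chose rather than to 0.0.0.0 and ::. Note that restricting listen-on only controls which sockets are opened; allow-query and allow-recursion are what stop a reachable listener from being used as an open resolver.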
… which is actually good if interfaces are dynamic i.e. new networking devices appear and disappear. (This is unlikely to be the case on a real DNS server but could apply to an end-user device which happens to be running its own DNS server.)
It’s also good for boot synchronisation i.e. service can come up without regard to which interfaces exist and have IP addresses (bearing in mind that it can take a long time for an interface to get an IP address if the interface is relying on DHCP, but a real DNS server is more likely to have a static IP address).
Name services and DHCP are separate things. If you configured bind to run a DHCP server on the “all” interface, then you might be breaking any network to which you connect by sending out rogue addresses. Not a great idea, better limit the service to what you need it to do.
I don’t think the bind9 package has DHCP server functionality. The problem may be that if you randomly start dnsmasq then it has both DNS and DHCP - and so it can conflict with another DNS server even though only the DHCP part of dnsmasq is needed.