[FS#858] Installing bind / named will cause resolving names failure due to race condition with network

LEDE Bugs lede-bugs at lists.infradead.org
Mon Jun 19 20:48:27 PDT 2017


A new Flyspray task has been opened.  Details are below. 

User who did this - helgadeville (helgadeville) 

Attached to Project - LEDE Project
Summary - Installing bind / named will cause resolving names failure due to race condition with network 
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Medium
Priority - Very Low
Reported Version - Trunk
Due in Version - Undecided
Due Date - Undecided
Details - Device TP-LINK MR-3220 v2.1 and 2.3 and 2.4 tested, LEDE 17.01.1 version.

After installing bind-server, setting "option port '0'" for dnsmasq (to disable DNS configuration) and using the provided named.conf file (below), resolution of domain names to IP addresses breaks down.

I was able to track down the problem. There is a race condition in bringing interfaces up, starting the ntpd service and the named service, resulting in:
* named service being unable to open sockets and/or
* ntpd service being unable to connect to ntp pool and set router time correctly and/or
* incorrect time setting causes dnssec of named to reject proper answers for dns resolving.

With no named installed, the dnsmasq itself often starts too early, but this is masked by it being reinitialized on lan interface up event.

This is a known openwrt problem, the workaround is described here: https://dev.openwrt.org/ticket/19427
and involves creating a "netwait" service. I have tested this workaround and confirmed it works, however it is not nice.

Here is my named.conf:

// This is the primary configuration file for the BIND DNS server named.

acl locals {
	localhost;
	10.10.10/24;
};

options {
	directory "/tmp";

	forwarders {
	 	8.8.8.8;
	 	8.8.4.4;
	};

	recursion yes;
	allow-query { locals; };

	dnssec-validation auto;
	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { none; };
	listen-on { 127.0.0.1; 10.10.10.10; };
};

// prime the server with knowledge of the root servers
zone "." {
	type hint;
	file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};


   

 

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=858
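
The two start-up conditions named in the report (the listen-on address not yet configured, and a clock that is wrong when DNSSEC validation runs) can be tested before named is started. The script below is an added example, not part of the original report or of LEDE; the function names, the sample `ip -o -4 addr show` output and all timestamps are constructed, and the availability of `ip -o` and awk on the router is an assumption.

```shell
#!/bin/sh
# Added example: preflight checks for the failure conditions in the report.
# All names and sample data here are hypothetical / constructed.

# True if IPv4 address $2 appears in `ip -o -4 addr show` output passed as $1.
addr_present() {
    printf '%s\n' "$1" | awk -v want="$2" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == want) found = 1 } }
        END { exit found ? 0 : 1 }'
}

# True if clock $1 (YYYYMMDDHHMMSS, UTC) lies inside the RRSIG validity
# window [$2 inception, $3 expiration]. A validator rejects signatures
# outside this window, which is how a wrong clock breaks resolution.
rrsig_window_ok() {
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Prints each reason named should not start yet; returns 0 only if none.
# Args: ip output, listen address, current time, inception, expiration.
preflight() {
    rc=0
    addr_present "$1" "$2" || { echo "listen address $2 not configured"; rc=1; }
    rrsig_window_ok "$3" "$4" "$5" || { echo "clock $3 outside signature validity"; rc=1; }
    return $rc
}

# Constructed samples: interface state before and after the LAN comes up.
IP_EARLY='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever'
IP_READY="$IP_EARLY
5: br-lan    inet 10.10.10.10/24 brd 10.10.10.255 scope global br-lan\       valid_lft forever preferred_lft forever"

# Constructed signature window and clock readings (before / after NTP sync).
INCEPTION=20170611000000
EXPIRATION=20170702000000
CLOCK_UNSYNCED=20170420000000
CLOCK_SYNCED=20170619204827

# Early boot: both checks fail. After LAN up and time sync: both pass.
preflight "$IP_EARLY" 10.10.10.10 "$CLOCK_UNSYNCED" "$INCEPTION" "$EXPIRATION" || true
preflight "$IP_READY" 10.10.10.10 "$CLOCK_SYNCED" "$INCEPTION" "$EXPIRATION" && echo "ok to start named"
```

On a live system the first argument would come from `ip -o -4 addr show` and the clock from `date -u +%Y%m%d%H%M%S`.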


