Weird issue with bind & router

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Thu May 25 23:47:34 UTC 2017


As far as I know, the only "special" thing that BIND does consistently on a restart, that it doesn't do on a regular basis in normal operation, is a "priming" query to whatever is configured as root nameservers. I suppose it's _possible_ that there is something about priming queries, particularly, that exercises a codepath in the router, with a horrible bug in it. This is - as Mark speculated - much more likely if the router is trying to do something "smart" with your DNS, e.g. intrusion detection/prevention, reputation-based blacklisting, something like that. I'd look at the router config and see if you can turn any feature(s) like that *off*.

Failing that, if priming queries are the culprit, it should be fairly easy to reproduce the scenario, since one can issue identical-looking queries to the same root-nameserver destinations (the main difference between these and other command-line-generated queries would consist of making them non-recursive). If you can reproduce the issue at will, maybe the router manufacturer would actually listen to your trouble report.

Putting on my InfoSec paranoia hat for a second, if it's the *responses* to the priming queries that are causing the router to go belly-up, then this is a scary prospect indeed, since it raises the possibility that evildoers could send *spoofed* responses like that, to routers of that make/model, and this would be a powerful Denial of Service attack.

- Kevin



From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Chris Serella
Sent: Thursday, May 25, 2017 10:24 AM
To: bind-users at lists.isc.org
Subject: Weird issue with bind & router


I run a small dev system on my home network, housing DNS etc. all under the one server.

System: Ubuntu 16.04 server, ISPConfig etc. etc. etc., you get the idea.

Anyway, the problem I am having comes down to the router rebooting (is it crashing? I can't tell) every time bind starts/restarts. This ordinarily wouldn't be an issue, DNS rarely changes so the service does not need restarting, but the problem occurs on system boot too.

The router in question is a Plusnet Hub One which I believe is actually a repackaged BT Hub 5. The "server" is an ACER AX3300 desktop with Ubuntu server installed.

Troubleshooting was difficult as I couldn't isolate what it was until I went over to ISPConfig for assistance; they informed me that a DNS reload on their software simply saves data to files and initiates a service restart.

With this information to hand I made no changes to the DNS in ISPConfig; instead I opened a terminal, tunneled into the server and issued a bind9 restart from there.

Sure enough the problem reared its ugly little head: the SSH session dropped out and, looking over to the router, I could see it was going through its power cycle. To be sure this wasn't some freakishly well timed coincidence, I completed the steps several times more (3), all with the same result.
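
Added example, not part of either message in this thread: a sketch of the reproduction the reply describes, sending a single non-recursive `. IN NS` query to a root nameserver from the command line and decoding the headers of the query and the response. The function names, the EDNS0 payload size of 4096 and the choice of a.root-servers.net (198.41.0.4) are assumptions; the packet approximates a priming query and is not claimed to be byte-identical to what BIND sends.

```python
import random
import socket
import struct

A_ROOT = "198.41.0.4"  # a.root-servers.net; substitute any address from your root hints


def build_priming_query(qid=None, edns_size=4096):
    """Return wire bytes for a non-recursive '. IN NS' query with an EDNS0 OPT record."""
    if qid is None:
        qid = random.randint(0, 0xFFFF)
    flags = 0x0000  # QR=0, opcode=QUERY, RD=0: what separates this from a stub lookup
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 1)  # 1 question, 1 additional
    question = b"\x00" + struct.pack("!HH", 2, 1)  # root name, QTYPE=NS, QCLASS=IN
    # OPT pseudo-RR: root name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return header + question + opt


def parse_header(msg):
    """Decode the fixed 12-byte DNS header into a dict for logging and comparison."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": flags >> 15, "rd": (flags >> 8) & 1,
            "tc": (flags >> 9) & 1, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def send_query(server=A_ROOT, timeout=3.0):
    """Send one priming-style query over UDP; return (query, response or None)."""
    query = build_priming_query()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        try:
            response, _ = s.recvfrom(4096)
        except socket.timeout:
            response = None
    return query, response


if __name__ == "__main__":
    q, r = send_query()
    print("query   ", len(q), "bytes", parse_header(q))
    if r is None:
        print("no response within timeout")
    else:
        print("response", len(r), "bytes", parse_header(r))
```

Running it alongside a packet capture on the server's interface shows whether the router drops out after the outbound query or only once the response arrives, which is the distinction a trouble report to the manufacturer would need.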