TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

[4.0.0] DNS server stop working. Repeated exceptions. #101

Closed Globulopolis closed 4 years ago

Globulopolis commented 4 years ago

Hi! Today the DNS server stopped resolving anything again. This has happened 3 times in the last month. OS: Windows 7 Ultimate with the latest updates. In the logs:

[2019-11-15 06:19:31 UTC] [10.10.10.2:57664] [UDP] QNAME: 6.123.100.164.in-addr.arpa; QTYPE: PTR; QCLASS: IN; RCODE: ServerFailure; ANSWER: []
[2019-11-15 06:19:32 UTC] DNS Server recursive resolution failed for QNAME: 6.123.100.164.in-addr.arpa; QTYPE: PTR; QCLASS: IN;
TechnitiumLibrary.Net.Dns.DnsClientException: DnsClient failed to resolve the request: no response from name servers.
   в TechnitiumLibrary.Net.Dns.DnsClient.Resolve(DnsDatagram request)
   в DnsServerCore.Dns.DnsServer.<>c__DisplayClass71_0.<RecursiveResolve>b__0(Object state)
....
[2019-11-15 13:55:36 UTC] [127.0.0.1:5380] Web Service (v4.0.0.0) was stopped successfully.
[2019-11-15 13:55:36 UTC] DHCP Server successfully unloaded scope: Default
[2019-11-15 13:55:36 UTC] Logging stopped.
[2019-11-15 13:56:42 UTC] Logging started.
[2019-11-15 13:56:42 UTC] DNS Server config file was loaded: E:\DNSServer\config\dns.config
[2019-11-15 13:56:42 UTC] DNS Server successfully loaded zone file: E:\DNSServer\config\zones\1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.zone
[2019-11-15 13:56:42 UTC] DNS Server successfully loaded zone file: E:\DNSServer\config\zones\1.0.0.127.in-addr.arpa.zone
[2019-11-15 13:56:42 UTC] DNS Server successfully loaded zone file: E:\DNSServer\config\zones\localhost.zone
[2019-11-15 13:56:42 UTC] DNS Server successfully loaded zone file: E:\DNSServer\config\zones\server.zone
[2019-11-15 13:56:42 UTC] DNS Server is loading allowed zone file: E:\DNSServer\config\allowed.config
[2019-11-15 13:56:42 UTC] [0.0.0.0:53] [UDP] DNS Server was bound successfully.
[2019-11-15 13:56:42 UTC] [0.0.0.0:53] [TCP] DNS Server was bound successfully.
[2019-11-15 13:56:42 UTC] [[::]:53] [UDP] DNS Server was bound successfully.
[2019-11-15 13:56:42 UTC] [[::]:53] [TCP] DNS Server was bound successfully.
[2019-11-15 13:56:42 UTC] [10.10.10.2:53] [UDP] DNS Server was bound successfully.
[2019-11-15 13:56:42 UTC] [10.10.10.2:53] [TCP] DNS Server was bound successfully.
[2019-11-15 13:56:42 UTC] DNS Server is loading custom blocked zone file: E:\DNSServer\config\custom-blocked.config
[2019-11-15 13:56:42 UTC] DNS Server custom blocked zone file was loaded: E:\DNSServer\config\custom-blocked.config
[2019-11-15 13:56:42 UTC] DNS Server blocked zone loading finished successfully.
[2019-11-15 13:56:42 UTC] [10.10.10.2:67] DHCP Server failed to activate scope: Default
System.NullReferenceException: Ссылка на объект не указывает на экземпляр объекта.
   в TechnitiumLibrary.Net.Dns.DnsClient.IsDomainNameValid(String domain, Boolean throwException)
   в DnsServerCore.Dns.Zone.SetRecords(String domain, DnsResourceRecordType type, UInt32 ttl, DnsResourceRecordData[] records)
   в DnsServerCore.Dhcp.DhcpServer.UpdateDnsAuthZone(Boolean add, Scope scope, Lease lease)
   в DnsServerCore.Dhcp.DhcpServer.ActivateScope(Scope scope)
[2019-11-15 13:56:42 UTC] DHCP Server successfully loaded scope: Default
[2019-11-15 13:56:42 UTC] DHCP Server successfully loaded scope file: E:\DNSServer\config\scopes\Default.scope
[2019-11-15 13:56:42 UTC] [0.0.0.0:5380] Web Service (v4.0.0.0) was started successfully.
[2019-11-15 13:56:48 UTC] DNS Server recursive resolution failed for QNAME: 66.127.38.92.in-addr.arpa; QTYPE: PTR; QCLASS: IN;
System.Security.Authentication.AuthenticationException: Ошибка вызова SSPI, см. внутреннее исключение. ---> System.ComponentModel.Win32Exception: Получено непредвиденное сообщение или оно имеет неправильный формат
   --- Конец трассировки внутреннего стека исключений ---
   в System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   в System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   в System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   в System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   в System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   в System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   в System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   в System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
   в TechnitiumLibrary.Net.Dns.ClientConnection.TlsClientConnection.GetNetworkStream(Socket socket)
   в TechnitiumLibrary.Net.Dns.ClientConnection.TcpClientConnection.GetConnection()
   в TechnitiumLibrary.Net.Dns.ClientConnection.TcpClientConnection.Query(DnsDatagram request)
   в TechnitiumLibrary.Net.Dns.DnsClient.Resolve(DnsDatagram request)
   в DnsServerCore.Dns.DnsServer.<>c__DisplayClass71_0.<RecursiveResolve>b__0(Object state)

And in DHCP scopes, the default scope is not active. If I try to enable the scope, I get the exception again.

ShreyasZare commented 4 years ago

Thanks for the details.

The DHCP scope failing activation is due to some invalid character in domain name. Do you have any domain name configured in the DHCP Scope settings? Do check if there are any extra characters like space or non-ASCII characters. Try removing the domain name entirely and see if the scope is getting activated.

The resolution errors that you posted are 2 different ones. For the first one, the server didn't receive any response within the timeout value of 2 seconds. Also, the name server for that reverse zone includes an '@' character in its SOA record responsible person field, which is failing validation too. Just check the error that you get with DNS Client: https://dnsclient.net/#Recursive%20Query%20(recursive-resolver)/164.100.123.6/PTR/UDP

The second error is causing failed resolution due to an SSL/TLS authentication failure. The server seems to be configured with a DNS-over-TLS (DoT) forwarder which is giving issues. It may not be an issue with the DoT Server but with the fact that you are using Windows 7, which will not get newer TLS updates. You may try using some other DoT server, but it's recommended that you switch to Windows 10, as the SSL/TLS capabilities of the DNS Server are fully dependent on the OS.
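An added example (not part of the original thread, and not Technitium code): a small Python triage script that separates the distinct failures described in the comment above by exception type, so it works regardless of the OS language of the message text. The log sample is constructed in the layout quoted in this issue, and the cause labels in `CAUSES` are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the log layout quoted in this issue (not the reporter's full log).
SAMPLE_LOG = """\
[2019-11-15 06:19:32 UTC] DNS Server recursive resolution failed for QNAME: 6.123.100.164.in-addr.arpa; QTYPE: PTR; QCLASS: IN;
TechnitiumLibrary.Net.Dns.DnsClientException: DnsClient failed to resolve the request: no response from name servers.
   at TechnitiumLibrary.Net.Dns.DnsClient.Resolve(DnsDatagram request)
[2019-11-15 13:56:42 UTC] [10.10.10.2:67] DHCP Server failed to activate scope: Default
System.NullReferenceException: Object reference not set to an instance of an object.
   в TechnitiumLibrary.Net.Dns.DnsClient.IsDomainNameValid(String domain, Boolean throwException)
[2019-11-15 13:56:42 UTC] DHCP Server successfully loaded scope: Default
[2019-11-15 13:56:48 UTC] DNS Server recursive resolution failed for QNAME: 66.127.38.92.in-addr.arpa; QTYPE: PTR; QCLASS: IN;
System.Security.Authentication.AuthenticationException: SSPI call failed.
   at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
"""

ENTRY = re.compile(r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) UTC\] (.*)$")
EXC = re.compile(r"^([A-Za-z_][\w.]*(?:Exception|Error)): ")

# Hypothetical cause labels, keyed on the .NET exception type (locale-independent).
CAUSES = {
    "DnsClientException": "upstream-no-response",
    "AuthenticationException": "tls-handshake-failure",
    "NullReferenceException": "server-bug",
}

def parse_entries(text):
    """Group each timestamped line with the exception and frames that follow it."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"time": m.group(1), "message": m.group(2),
                            "exception": None, "frames": []})
        elif entries:
            e = EXC.match(line)
            if e and entries[-1]["exception"] is None:
                entries[-1]["exception"] = e.group(1).rsplit(".", 1)[-1]
            elif line.strip():
                entries[-1]["frames"].append(line.strip())
    return entries

def triage(text):
    """Return (time, cause, message) for every entry that carries an exception."""
    return [(e["time"], CAUSES.get(e["exception"], "unclassified"), e["message"])
            for e in parse_entries(text) if e["exception"]]

def summary(text):
    """Count failures per cause so unrelated errors are not read as one outage."""
    return Counter(cause for _, cause, _ in triage(text))
```
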

Globulopolis commented 4 years ago

> The DHCP scope failing activation is due to some invalid character in domain name. Do you have any domain name configured in the DHCP Scope settings? Do check if there are any extra characters like space or non-ASCII characters. Try removing the domain name entirely and see if the scope is getting activated.

No. It's only Latin chars. And I removed the domain name and cannot activate. Still the same error.

> it's recommended that you switch to Windows 10

No and no. I hate this sh***t product and ugly support from MS.

> It may not be an issue with the DoT Server but with the fact that you are using Windows 7, which will not get newer TLS updates

Don't know if this is true, but the server has been working well for the last three months. But sometimes it cannot get to work. I just reinstall the server and it works well again.

ShreyasZare commented 4 years ago

> No. It's only Latin chars. And I removed the domain name and cannot activate. Still the same error.

It seems to be the same bug as in issue #71

> Don't know if this is true, but the server has been working well for the last three months. But sometimes it cannot get to work. I just reinstall the server and it works well again.

Do post any errors in log if you get the same issue with new install.

ShreyasZare commented 4 years ago

Technitium DNS Server v4.1 is now available that fixes this issue.