TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

[Bug]DNS Wildcard Setting Unavailable in Version 11.5 and Data Loss on Downgrading to 11.4 #770

Closed IamTaoChen closed 8 months ago

IamTaoChen commented 8 months ago

In the latest version (11.5), the DNS settings cannot utilize wildcards, whereas version 11.4 allows for it. Additionally, downgrading to 11.4 results in some data loss. I need assistance in translating this to English for bug submission purposes.

ShreyasZare commented 8 months ago

Thanks for the feedback. Downgrading is not supported by Technitium DNS, which is why it's recommended to take a backup before upgrading.

For the wildcard issue, please post screenshots of the config where you are facing the problem. If you do not wish to post it here then send them over email to support@technitium.com.

IamTaoChen commented 8 months ago

dns dig @127.0.0.1 wiki.eqe-lab.com

; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> @127.0.0.1 wiki.eqe-lab.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29301
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;wiki.eqe-lab.com.              IN      A

;; AUTHORITY SECTION:
eqe-lab.com.            900     IN      SOA     eqe-lab.com. hostadmin.eqe-lab.com. 15 900 300 604800 900

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Nov 03 19:09:09 CET 2023
;; MSG SIZE  rcvd: 91

➜  dns dig @127.0.0.1 test.eqe-lab.com

; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> @127.0.0.1 test.eqe-lab.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28781
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;test.eqe-lab.com.              IN      A

;; AUTHORITY SECTION:
eqe-lab.com.            900     IN      SOA     eqe-lab.com. hostadmin.eqe-lab.com. 15 900 300 604800 900

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Nov 03 19:09:17 CET 2023
;; MSG SIZE  rcvd: 91

➜  dns dig @127.0.0.1 hds.eqe-lab.com

; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> @127.0.0.1 hds.eqe-lab.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9741
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;hds.eqe-lab.com.               IN      A

;; ANSWER SECTION:
hds.eqe-lab.com.        900     IN      A       10.233.10.41

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Nov 03 19:09:24 CET 2023
;; MSG SIZE  rcvd: 60

I don't have these three DNS items.

ShreyasZare commented 8 months ago

Thanks for the details. I tried by creating the same zone on my local setup with same records and it is working as expected.

Please test using the DNS server's built-in DNS Client tool from the admin web panel and see if that works.

Also make sure that the DNS server is listening on 127.0.0.1 port 53 using the sudo netstat -nlptu command. Sometimes the port is used by dnsmasq or systemd-resolved.

IamTaoChen commented 8 months ago

I also tested a new zone, and it works. But I upgraded from 14, and then some records don't work (I don't know why).

{
  "Metadata": {
    "NameServer": "eqe-lab.com (127.0.0.1)",
    "Protocol": "Udp",
    "DatagramSize": "91 bytes",
    "RoundTripTime": "0.68 ms"
  },
  "EDNS": {
    "UdpPayloadSize": 1232,
    "ExtendedRCODE": "NxDomain",
    "Version": 0,
    "Flags": "None",
    "Options": []
  },
  "Identifier": 0,
  "IsResponse": true,
  "OPCODE": "StandardQuery",
  "AuthoritativeAnswer": true,
  "Truncation": false,
  "RecursionDesired": true,
  "RecursionAvailable": true,
  "Z": 0,
  "AuthenticData": false,
  "CheckingDisabled": false,
  "RCODE": "NxDomain",
  "QDCOUNT": 1,
  "ANCOUNT": 0,
  "NSCOUNT": 1,
  "ARCOUNT": 1,
  "Question": [
    {
      "Name": "wiki.eqe-lab.com",
      "Type": "A",
      "Class": "IN"
    }
  ],
  "Answer": [],
  "Authority": [
    {
      "Name": "eqe-lab.com",
      "Type": "SOA",
      "Class": "IN",
      "TTL": "900 (15 mins)",
      "RDLENGTH": "34 bytes",
      "RDATA": {
        "PrimaryNameServer": "eqe-lab.com",
        "ResponsiblePerson": "hostadmin@eqe-lab.com",
        "Serial": 25,
        "Refresh": 900,
        "Retry": 300,
        "Expire": 604800,
        "Minimum": 900
      },
      "DnssecStatus": "Disabled"
    }
  ],
  "Additional": [
    {
      "Name": "",
      "Type": "OPT",
      "Class": "1232",
      "TTL": "0 (0 sec)",
      "RDLENGTH": "0 bytes",
      "RDATA": {
        "Options": []
      },
      "DnssecStatus": "Disabled"
    }
  ]
}

IamTaoChen commented 8 months ago

{
  "Metadata": {
    "NameServer": "eqe-lab.com (127.0.0.1)",
    "Protocol": "Udp",
    "DatagramSize": "58 bytes",
    "RoundTripTime": "0.54 ms"
  },
  "EDNS": {
    "UdpPayloadSize": 1232,
    "ExtendedRCODE": "NoError",
    "Version": 0,
    "Flags": "None",
    "Options": []
  },
  "Identifier": 0,
  "IsResponse": true,
  "OPCODE": "StandardQuery",
  "AuthoritativeAnswer": true,
  "Truncation": false,
  "RecursionDesired": true,
  "RecursionAvailable": true,
  "Z": 0,
  "AuthenticData": false,
  "CheckingDisabled": false,
  "RCODE": "NoError",
  "QDCOUNT": 1,
  "ANCOUNT": 1,
  "NSCOUNT": 0,
  "ARCOUNT": 1,
  "Question": [
    {
      "Name": "*.eqe-lab.com",
      "Type": "A",
      "Class": "IN"
    }
  ],
  "Answer": [
    {
      "Name": "*.eqe-lab.com",
      "Type": "A",
      "Class": "IN",
      "TTL": "900 (15 mins)",
      "RDLENGTH": "4 bytes",
      "RDATA": {
        "IPAddress": "10.233.10.41"
      },
      "DnssecStatus": "Disabled"
    }
  ],
  "Authority": [],
  "Additional": [
    {
      "Name": "",
      "Type": "OPT",
      "Class": "1232",
      "TTL": "0 (0 sec)",
      "RDLENGTH": "0 bytes",
      "RDATA": {
        "Options": []
      },
      "DnssecStatus": "Disabled"
    }
  ]
}

ShreyasZare commented 8 months ago


Thanks for the details. If possible, please share the complete zone so that the exact zone can be tested. You can export the zone from Options > Export Zone menu from the zone edit view. You can share it over email to support@technitium.com.

Aftermath commented 8 months ago

I am also having this issue after updating to 11.5.2 from 11.4.1. There is nothing special about my zone; it's simply a few static A records to various IPv4 addresses and a wildcard (*) to a single IPv4 address.

Something I have noticed with the issue is that not all wildcards are NXDOMAIN. A few still work, i.e. 'grafana' will return the expected IPv4 addr, while 'pihole' will return NXDOMAIN. Both of these items are resolving to the wildcard, and do not have static entries otherwise.

The other thing of note is that any new random string I try to resolve against the wildcard resolves without issue, it is only some historically used names that are resolving NXDOMAIN.

Is this some sort of data migration problem?

Saik0Shinigami commented 8 months ago

I'd like to confirm the same information Aftermath published.

Domains that I used regularly under the wildcard no longer resolve (34 in total, out of something like ~70). Ones that I rarely use, or never used appear to resolve just fine.

So I presumed it was a Cache issue of some form... Cleared those on all 3 dns nodes. Nothing. Reboot... Nothing.

11.5.1 did this and now 11.5.2 as well.

What's most interesting is that I run 3 nodes and that all three lock up on the same names. I can't find a name that only resolves on one or fails to resolve on only one. These names were NEVER statically assigned. Always wildcard.

Roll-back to a previous backup is not an issue for me... But I forgot that all my dns servers update weekly on their own and I got lots of alarms ~45 minutes ago...

xionous commented 8 months ago

Hello,

I can confirm I am also having this issue, and upon testing I discovered that it only happens with queries that start with W or P.

Example:

[2023-11-05 16:30:05 UTC] [127.0.0.1:59908] [UDP] QNAME: a.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:30:13 UTC] [127.0.0.1:36532] [UDP] QNAME: b.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:30:21 UTC] [127.0.0.1:32837] [UDP] QNAME: c.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:30:28 UTC] [127.0.0.1:57049] [UDP] QNAME: d.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:30:40 UTC] [127.0.0.1:54624] [UDP] QNAME: e.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:30:47 UTC] [127.0.0.1:46753] [UDP] QNAME: f.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:30:54 UTC] [127.0.0.1:48903] [UDP] QNAME: g.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:31:05 UTC] [127.0.0.1:34552] [UDP] QNAME: h.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:31:12 UTC] [127.0.0.1:33530] [UDP] QNAME: i.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:31:21 UTC] [127.0.0.1:35477] [UDP] QNAME: j.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:31:30 UTC] [127.0.0.1:47731] [UDP] QNAME: k.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:31:39 UTC] [127.0.0.1:54825] [UDP] QNAME: l.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:31:48 UTC] [127.0.0.1:50612] [UDP] QNAME: m.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:31:57 UTC] [127.0.0.1:59309] [UDP] QNAME: n.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:32:03 UTC] [127.0.0.1:53381] [UDP] QNAME: o.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:32:16 UTC] [127.0.0.1:39638] [UDP] QNAME: p.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NxDomain; ANSWER: []
[2023-11-05 16:32:31 UTC] [127.0.0.1:43466] [UDP] QNAME: q.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:32:38 UTC] [127.0.0.1:46001] [UDP] QNAME: r.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:32:45 UTC] [127.0.0.1:47243] [UDP] QNAME: s.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:32:52 UTC] [127.0.0.1:39001] [UDP] QNAME: t.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:33:00 UTC] [127.0.0.1:56277] [UDP] QNAME: u.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:33:09 UTC] [127.0.0.1:34894] [UDP] QNAME: v.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:33:17 UTC] [127.0.0.1:46069] [UDP] QNAME: w.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NxDomain; ANSWER: []
[2023-11-05 16:33:23 UTC] [127.0.0.1:54423] [UDP] QNAME: x.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:33:31 UTC] [127.0.0.1:43905] [UDP] QNAME: y.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:33:40 UTC] [127.0.0.1:40357] [UDP] QNAME: z.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]

[2023-11-05 16:33:51 UTC] [127.0.0.1:54362] [UDP] QNAME: ptest.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NxDomain; ANSWER: []
[2023-11-05 16:33:57 UTC] [127.0.0.1:42689] [UDP] QNAME: wtest.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NxDomain; ANSWER: []
[2023-11-05 16:34:04 UTC] [127.0.0.1:41542] [UDP] QNAME: dtest.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
{
  "Metadata": {
    "NameServer": "tsdns.domain.int.inet (127.0.0.1)",
    "Protocol": "Udp",
    "DatagramSize": "121 bytes",
    "RoundTripTime": "3.3 ms"
  },
  "EDNS": {
    "UdpPayloadSize": 1232,
    "ExtendedRCODE": "NxDomain",
    "Version": 0,
    "Flags": "None",
    "Options": []
  },
  "Identifier": 0,
  "IsResponse": true,
  "OPCODE": "StandardQuery",
  "AuthoritativeAnswer": true,
  "Truncation": false,
  "RecursionDesired": true,
  "RecursionAvailable": true,
  "Z": 0,
  "AuthenticData": false,
  "CheckingDisabled": false,
  "RCODE": "NxDomain",
  "QDCOUNT": 1,
  "ANCOUNT": 0,
  "NSCOUNT": 1,
  "ARCOUNT": 1,
  "Question": [
    {
      "Name": "ptest.int.domain.name",
      "Type": "A",
      "Class": "IN"
    }
  ],
  "Answer": [],
  "Authority": [
    {
      "Name": "int.domain.name",
      "Type": "SOA",
      "Class": "IN",
      "TTL": "900 (15 mins)",
      "RDLENGTH": "58 bytes",
      "RDATA": {
        "PrimaryNameServer": "tsdns.domain.int.inet",
        "ResponsiblePerson": "hostadmin@int.domain.name",
        "Serial": 7,
        "Refresh": 900,
        "Retry": 300,
        "Expire": 604800,
        "Minimum": 900
      },
      "DnssecStatus": "Disabled"
    }
  ],
  "Additional": [
    {
      "Name": "",
      "Type": "OPT",
      "Class": "1232",
      "TTL": "0 (0 sec)",
      "RDLENGTH": "0 bytes",
      "RDATA": {
        "Options": []
      },
      "DnssecStatus": "Disabled"
    }
  ]
}
{
  "Metadata": {
    "NameServer": "tsdns.domain.int.inet (127.0.0.1)",
    "Protocol": "Udp",
    "DatagramSize": "121 bytes",
    "RoundTripTime": "1.77 ms"
  },
  "EDNS": {
    "UdpPayloadSize": 1232,
    "ExtendedRCODE": "NxDomain",
    "Version": 0,
    "Flags": "None",
    "Options": []
  },
  "Identifier": 0,
  "IsResponse": true,
  "OPCODE": "StandardQuery",
  "AuthoritativeAnswer": true,
  "Truncation": false,
  "RecursionDesired": true,
  "RecursionAvailable": true,
  "Z": 0,
  "AuthenticData": false,
  "CheckingDisabled": false,
  "RCODE": "NxDomain",
  "QDCOUNT": 1,
  "ANCOUNT": 0,
  "NSCOUNT": 1,
  "ARCOUNT": 1,
  "Question": [
    {
      "Name": "wtest.int.domain.name",
      "Type": "A",
      "Class": "IN"
    }
  ],
  "Answer": [],
  "Authority": [
    {
      "Name": "int.domain.name",
      "Type": "SOA",
      "Class": "IN",
      "TTL": "900 (15 mins)",
      "RDLENGTH": "58 bytes",
      "RDATA": {
        "PrimaryNameServer": "tsdns.domain.int.inet",
        "ResponsiblePerson": "hostadmin@int.domain.name",
        "Serial": 7,
        "Refresh": 900,
        "Retry": 300,
        "Expire": 604800,
        "Minimum": 900
      },
      "DnssecStatus": "Disabled"
    }
  ],
  "Additional": [
    {
      "Name": "",
      "Type": "OPT",
      "Class": "1232",
      "TTL": "0 (0 sec)",
      "RDLENGTH": "0 bytes",
      "RDATA": {
        "Options": []
      },
      "DnssecStatus": "Disabled"
    }
  ]
}
{
  "Metadata": {
    "NameServer": "tsdns.domain.int.inet (127.0.0.1)",
    "Protocol": "Udp",
    "DatagramSize": "67 bytes",
    "RoundTripTime": "1.76 ms"
  },
  "EDNS": {
    "UdpPayloadSize": 1232,
    "ExtendedRCODE": "NoError",
    "Version": 0,
    "Flags": "None",
    "Options": []
  },
  "Identifier": 0,
  "IsResponse": true,
  "OPCODE": "StandardQuery",
  "AuthoritativeAnswer": true,
  "Truncation": false,
  "RecursionDesired": true,
  "RecursionAvailable": true,
  "Z": 0,
  "AuthenticData": false,
  "CheckingDisabled": false,
  "RCODE": "NoError",
  "QDCOUNT": 1,
  "ANCOUNT": 1,
  "NSCOUNT": 0,
  "ARCOUNT": 1,
  "Question": [
    {
      "Name": "dtest.int.domain.name",
      "Type": "A",
      "Class": "IN"
    }
  ],
  "Answer": [
    {
      "Name": "dtest.int.domain.name",
      "Type": "A",
      "Class": "IN",
      "TTL": "60 (1 min)",
      "RDLENGTH": "4 bytes",
      "RDATA": {
        "IPAddress": "10.0.0.82"
      },
      "DnssecStatus": "Disabled"
    }
  ],
  "Authority": [],
  "Additional": [
    {
      "Name": "",
      "Type": "OPT",
      "Class": "1232",
      "TTL": "0 (0 sec)",
      "RDLENGTH": "0 bytes",
      "RDATA": {
        "Options": []
      },
      "DnssecStatus": "Disabled"
    }
  ]
}

Can anyone else confirm if this is the same for them?
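
The query-log excerpt above is the quickest way to spot this regression after an upgrade, and the later comment that the cause is "a bug in wildcard matching" raises the question of what correct matching looks like. The following is an added example, not code from the Technitium project or from anyone in this thread: it parses log lines in the format shown above, applies the RFC 4592 rule for an apex wildcard (the wildcard covers a name only if that name does not exist and no existing node sits between it and the apex), and lists names that were answered NxDomain although the wildcard should have covered them. The zone name int.domain.name, the static name ns.int.domain.name and the sample log lines are constructed for the demo and are assumptions, not data from the thread. Note that a wildcard makes every covered name exist, so for a type the wildcard record lacks the correct reply is NoError with an empty answer (NODATA); NxDomain is wrong for any QTYPE, which is why the check does not filter on type.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Set

# Matches the query-log line format shown in this thread, e.g.
# [2023-11-05 16:32:16 UTC] [127.0.0.1:39638] [UDP] QNAME: p.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NxDomain; ANSWER: []
LOG_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<client>[^\]]+)\] \[(?P<proto>[^\]]+)\] "
    r"QNAME: (?P<qname>[^;]+); QTYPE: (?P<qtype>[^;]+); QCLASS: (?P<qclass>[^;]+); "
    r"RCODE: (?P<rcode>[^;]+); ANSWER: \[(?P<answer>[^\]]*)\]$"
)


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one query-log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec: Dict[str, object] = m.groupdict()
    rec["qname"] = str(rec["qname"]).rstrip(".").lower()
    rec["answer"] = [a.strip() for a in str(rec["answer"]).split(",") if a.strip()]
    return rec


def covered_by_wildcard(qname: str, zone: str, existing: Set[str]) -> bool:
    """True if an apex wildcard (*.zone) should synthesize an answer for qname.

    RFC 4592: the wildcard applies only to a name that does not exist and whose
    closest encloser is the zone apex. An explicit record wins, and a name below
    an existing node (x.ns.zone when ns.zone exists) is not covered.
    """
    zone = zone.rstrip(".").lower()
    qname = qname.rstrip(".").lower()
    if qname == zone or not qname.endswith("." + zone):
        return False
    if qname in existing:
        return False
    labels = qname[: -len(zone) - 1].split(".")
    # Any proper suffix of the remaining labels that exists is a closer encloser.
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) + "." + zone in existing:
            return False
    return True


def wildcard_regressions(lines: Iterable[str], zone: str, existing: Set[str]) -> List[str]:
    """Names under the wildcard zone that were answered NxDomain, sorted.

    A covered name exists by definition, so NxDomain for any QTYPE is a
    wildcard-matching failure (a missing type should yield NoError/NODATA).
    """
    bad: Set[str] = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        name = str(rec["qname"])
        if rec["rcode"] == "NxDomain" and covered_by_wildcard(name, zone, existing):
            bad.add(name)
    return sorted(bad)


def first_letter_histogram(names: Iterable[str]) -> Dict[str, int]:
    """Count failing names by first letter, to test the 'only P or W' hypothesis."""
    return dict(Counter(n[0] for n in names if n))


# Constructed sample in the thread's log format (not a real capture). The zone
# and the static name are assumptions for the demo.
ZONE = "int.domain.name"
STATIC = {"ns.int.domain.name"}
SAMPLE_LOG = """\
[2023-11-05 16:32:03 UTC] [127.0.0.1:53381] [UDP] QNAME: o.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:32:16 UTC] [127.0.0.1:39638] [UDP] QNAME: p.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NxDomain; ANSWER: []
[2023-11-05 16:33:17 UTC] [127.0.0.1:46069] [UDP] QNAME: w.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NxDomain; ANSWER: []
[2023-11-05 16:34:04 UTC] [127.0.0.1:41542] [UDP] QNAME: dtest.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [10.0.0.82]
[2023-11-05 16:35:00 UTC] [127.0.0.1:41543] [UDP] QNAME: wtest.int.domain.name; QTYPE: AAAA; QCLASS: IN; RCODE: NxDomain; ANSWER: []
[2023-11-05 16:35:10 UTC] [127.0.0.1:41544] [UDP] QNAME: x.ns.int.domain.name; QTYPE: A; QCLASS: IN; RCODE: NxDomain; ANSWER: []
[2023-11-05 16:35:20 UTC] [127.0.0.1:41545] [UDP] QNAME: other.example; QTYPE: A; QCLASS: IN; RCODE: NxDomain; ANSWER: []
"""

if __name__ == "__main__":
    failing = wildcard_regressions(SAMPLE_LOG.splitlines(), ZONE, STATIC)
    print("NxDomain under wildcard:", failing)
    print("by first letter:", first_letter_histogram(failing))
```

On the sample, x.ns.int.domain.name is correctly left out because ns.int.domain.name exists and is the closer encloser, and other.example is left out because it is outside the zone; the three remaining NxDomain answers are the ones a correct server would have synthesized from the wildcard. Feed it the real query log and the real set of explicit names in the zone and the output is the list of names to recheck after updating.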

Saik0Shinigami commented 8 months ago

[...] upon testing i discovered that it only happens with queries that start with W or P. [...] Can anyone else confirm if this is the same for them?

No. I cannot confirm.

git.<domain>.com failed to resolve, but grocy.<domain>.com was fine. I don't think it's strictly a letter-based issue.

Another example for me would be plex.<domain>.com failed to resolve, but prowlarr.<domain>.com and pass.<domain>.com were fine.

xionous commented 8 months ago

[...] upon testing i discovered that it only happens with queries that start with W or P. [...] Can anyone else confirm if this is the same for them?

No. I cannot confirm.

git.<domain>.com failed to resolve, but grocy.<domain>.com was fine. I don't think it's strictly a letter-based issue.

Another example for me would be plex.<domain>.com failed to resolve, but prowlarr.<domain>.com and pass.<domain>.com were fine.

Thank you for checking. For me, with every single domain name I test, only the ones that start with P or W do not resolve from the wildcard. Every other domain name works fine, whether it is something I use commonly or something I have never used before. Very strange issue.

clintkev251 commented 8 months ago

I've seen the same behavior. I have a very simple zone which I'll include below. Some of the domains under the wildcard work fine, some stopped resolving as soon as I updated, and some stopped resolving after some time. This behavior can be observed using the built in DNS client as well.

$ORIGIN domain.com.
@                     900       IN  SOA           dns-00. hostadmin 7 900 300 604800 900
@                     3600      IN  NS            dns-00.
@                     3600      IN  NS            dns-01.
@                     3600      IN  A             192.168.40.25
*                     3600      IN  CNAME         traefik.corp.

traefik.corp is in another zone on the same server and is an A record. This resolves fine on its own. After rolling back things seem to be working correctly again.

Aftermath commented 8 months ago

@clintkev251 what version did you roll back to?

clintkev251 commented 8 months ago

11.4.1

ShreyasZare commented 8 months ago

Thank you everyone for the feedback. It seems to be a bug in wildcard matching. Will get this bug reproduced and fixed soon with an update.

ShreyasZare commented 8 months ago

Technitium DNS Server v11.5.3 is now available that fixes this issue. Do update and let me know your feedback.

xionous commented 8 months ago

Technitium DNS Server v11.5.3 is now available that fixes this issue. Do update and let me know your feedback.

Working now. Thank you for the quick response on the fix!

ShreyasZare commented 7 months ago

Technitium DNS Server v11.5.3 is now available that fixes this issue. Do update and let me know your feedback.

Working now. Thank you for the quick response on the fix!

Thanks for the feedback.