TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

Dig/nslookup error #994

Closed MrZoidberg closed 1 month ago

MrZoidberg commented 1 month ago

Hi,

I have a very strange problem and I don't even know where to look.

My setup is the following (faked domain name for privacy purposes). I have Technitium DNS working on Orange Pi Zero 3 in docker with the following compose file:

services:
  dns-server:
    container_name: technitium-dns-server
    image: technitium/dns-server:latest
    hostname: ${DNS_SERVER_HOSTNAME}
    networks:
      macvlan-dns-0:
        ipv4_address: ${DNS_SERVER_IP}
        mac_address: ${DNS_SERVER_MAC}
      internal_dns_net:
    environment:
      - DNS_SERVER_DOMAIN=${TITANIUM_DNS_SERVER_DOMAIN}
      - DNS_SERVER_ADMIN_PASSWORD=${TITANIUM_DNS_ADMINP_PWD}
      - DNS_SERVER_WEB_SERVICE_HTTP_PORT=${TITANIUM_HTTP_WEB_PORT}
      - DNS_SERVER_WEB_SERVICE_HTTPS_PORT=${TITANIUM_HTTPS_WEB_PORT}
      - DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=true
      - DNS_SERVER_LOG_USING_LOCAL_TIME=true # Enable this option to use local time instead of UTC for logging.
      - TZ=${TZ} # Timezone
    dns:
      - ${ADGUARD_FIRST_IP}
      - ${ADGUARD_SECOND_IP}
    dns_search: lan
    volumes:
      - config:/etc/dns
      - /mnt/homelab:/etc/data:ro
    restart: always

volumes:
    config:

networks:
  macvlan-dns-0:
    name: macvlan-dns-0
    driver: macvlan
    driver_opts:
      parent: end0
    ipam:
      config:
        - subnet: "${DNS_SERVER_SUBNET}"
          ip_range: "${DNS_SERVER_IP_RANGE}"
          gateway: "${DNS_SERVER_GATEWAY}"
  internal_dns_net:
    external: true

and the following env variables:

TITANIUM_DNS_SERVER_DOMAIN=ns2.fakedomain.com
TITANIUM_DNS_ADMINP_PWD=test
TZ=Europe/Kyiv
TITANIUM_HTTP_WEB_PORT=80
TITANIUM_HTTPS_WEB_PORT=443
TITANIUM_DNS_PORT=53
DNS_SERVER_IP=192.168.10.9
DNS_SERVER_HOSTNAME=ns2
DNS_SERVER_MAC=de:ad:be:ef:00:02
DNS_SERVER_SUBNET=192.168.10.0/24
DNS_SERVER_IP_RANGE=192.168.10.0/24
DNS_SERVER_GATEWAY=192.168.10.1
ADGUARD_SECOND_IP=192.168.110.10
ADGUARD_FIRST_IP=172.18.0.2

Most of the DNS server settings are left at their defaults unless overridden by env variables; I just added a TLS cert for the web console and denied recursion, since I intended this setup for internal needs only.

Then I added a zone for internal.fakedomain.com: [screenshot of the zone]

Now I'm trying to test this zone from my MacBook with dig and nslookup, and both fail:

[screenshots of the dig and nslookup output]

Appreciate any help

ShreyasZare commented 1 month ago

Thanks for the post. Please try to test using the DNS Client tool that is available on the DNS admin panel and share the output you see there.

MrZoidberg commented 1 month ago

I got this error when trying this tool:

[2024-08-11 13:49:06 UTC] [127.0.0.1:54118] [TCP] QNAME: internal.***.online; QTYPE: ANY; QCLASS: IN; RCODE: NoError; ANSWER: [ns1.***.online., ns1.***.online. miha****.gmail..com. 3 900 300 604800 900]
[2024-08-11 13:49:06 UTC] [192.168.110.48:63521] System.ArgumentOutOfRangeException: Specified argument was out of the range of valid values.
   at TechnitiumLibrary.Net.Dns.DnsDatagram.DeserializeDomainName(Stream s, Int32 maxDepth, Boolean ignoreMissingNullTermination, Boolean isEmailAddress) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsDatagram.cs:line 551
   at TechnitiumLibrary.Net.Dns.DnsDatagram.ReadFrom(Stream s) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsDatagram.cs:line 207
--- End of stack trace from previous location ---
   at TechnitiumLibrary.Net.Dns.DnsClient.<>c__DisplayClass87_0.<<InternalResolveAsync>g__DoResolveAsync|1>d.MoveNext() in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4327
--- End of stack trace from previous location ---
   at TechnitiumLibrary.Net.Dns.DnsClient.InternalResolveAsync(DnsDatagram request, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4689
   at TechnitiumLibrary.Net.Dns.DnsClient.InternalNoDnssecResolveAsync(DnsDatagram request, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4703
   at DnsServerCore.WebServiceApi.ResolveQueryAsync(HttpContext context) in Z:\Technitium\Projects\DnsServer\DnsServerCore\WebServiceApi.cs:line 335
   at DnsServerCore.DnsWebService.WebServiceApiMiddleware(HttpContext context, RequestDelegate next) in Z:\Technitium\Projects\DnsServer\DnsServerCore\DnsWebService.cs:line 652
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|10_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)
MrZoidberg commented 1 month ago

A similar problem occurs if I try to add a secondary zone on another DNS server instance:

] DnsServerCore.Dns.DnsServerException: DNS Server failed to find SOA record for: internal.mmerk.online
 ---> System.ArgumentOutOfRangeException: Specified argument was out of the range of valid values.
   at TechnitiumLibrary.Net.Dns.DnsDatagram.DeserializeDomainName(Stream s, Int32 maxDepth, Boolean ignoreMissingNullTermination, Boolean isEmailAddress) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsDatagram.cs:line 551
   at TechnitiumLibrary.Net.Dns.DnsDatagram.ReadFrom(Stream s) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsDatagram.cs:line 207
--- End of stack trace from previous location ---
   at TechnitiumLibrary.Net.Dns.DnsClient.<>c__DisplayClass87_0.<<InternalResolveAsync>g__DoResolveAsync|1>d.MoveNext() in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4327
--- End of stack trace from previous location ---
   at TechnitiumLibrary.Net.Dns.DnsClient.InternalResolveAsync(DnsDatagram request, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4689
   at TechnitiumLibrary.Net.Dns.DnsClient.InternalNoDnssecResolveAsync(DnsDatagram request, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4703
   at DnsServerCore.Dns.Zones.SecondaryZone.CreateAsync(DnsServer dnsServer, String name, String primaryNameServerAddresses, DnsTransportProtocol zoneTransferProtocol, String tsigKeyName) in Z:\Technitium\Projects\DnsServer\DnsServerCore\Dns\Zones\SecondaryZone.cs:line 137
   --- End of inner exception stack trace ---
   at DnsServerCore.Dns.Zones.SecondaryZone.CreateAsync(DnsServer dnsServer, String name, String primaryNameServerAddresses, DnsTransportProtocol zoneTransferProtocol, String tsigKeyName) in Z:\Technitium\Projects\DnsServer\DnsServerCore\Dns\Zones\SecondaryZone.cs:line 146
   at DnsServerCore.Dns.ZoneManagers.AuthZoneManager.CreateSecondaryZoneAsync(String zoneName, String primaryNameServerAddresses, DnsTransportProtocol zoneTransferProtocol, String tsigKeyName) in Z:\Technitium\Projects\DnsServer\DnsServerCore\Dns\ZoneManagers\AuthZoneManager.cs:line 1033
   at DnsServerCore.WebServiceZonesApi.CreateZoneAsync(HttpContext context) in Z:\Technitium\Projects\DnsServer\DnsServerCore\WebServiceZonesApi.cs:line 1198
   at DnsServerCore.DnsWebService.WebServiceApiMiddleware(HttpContext context, RequestDelegate next) in Z:\Technitium\Projects\DnsServer\DnsServerCore\DnsWebService.cs:line 652
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|10_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)
ShreyasZare commented 1 month ago

Thanks for the error log. The SOA record's Responsible Person email address seems to have an issue with two period characters. Please ensure that the email id is in correct format. This should fix the issue.
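
As an added illustration of the point above (this is not Technitium code, and the names, e-mail addresses and bytes in it are made up): the RNAME of an SOA record travels in DNS wire format, where every label is prefixed by its length and a zero-length label terminates the name. An address with two consecutive periods therefore produces an empty interior label, and a reader stops at it and parses the bytes that follow ("com" and then the serial, refresh, ...) from the wrong offset. The script below encodes and decodes names, shows what a double period does to the wire form, and validates an e-mail address in the RFC 1035 section 3.3.13 RNAME form (the '@' becomes a '.', dots inside the local part are escaped as '\.') before it is accepted. How Technitium's own UI converts the address is not shown in the issue, so that conversion is an assumption here.

```python
"""DNS name wire-format checks: why an SOA RNAME like "miha.k@gmail..com" breaks.

Added example for this issue; not Technitium code. Names, e-mail addresses and
bytes below are made up. It assumes the RFC 1035 section 3.3.13 RNAME form:
the '@' becomes a '.', dots inside the local part are escaped as '\\.'.
"""

MAX_LABEL = 63   # RFC 1035 section 2.3.4 limits
MAX_NAME = 255


def split_labels(name: str) -> list[str]:
    """Split a presentation-format name into labels, honouring '\\.' escapes."""
    if name in ("", "."):
        return []
    labels, cur, i = [], [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\\" and i + 1 < len(name):      # escaped character, e.g. '\.'
            cur.append(name[i + 1])
            i += 2
            continue
        if ch == ".":
            labels.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    labels.append("".join(cur))
    if labels[-1] == "":        # trailing dot means "fully qualified", not an empty label
        labels.pop()
    return labels


def naive_encode(name: str) -> bytes:
    """Length-prefix each label with no validation (what a careless writer does)."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in split_labels(name)) + b"\x00"


def encode_name(name: str) -> bytes:
    """Wire-encode a name, rejecting what the wire format cannot express."""
    out = b""
    for label in split_labels(name):
        if label == "":
            # A zero-length label IS the root terminator on the wire, so an
            # empty interior label ("gmail..com") has no valid encoding.
            raise ValueError(f"empty label in {name!r}")
        raw = label.encode("ascii")
        if len(raw) > MAX_LABEL:
            raise ValueError(f"label longer than {MAX_LABEL} octets: {label!r}")
        out += bytes([len(raw)]) + raw
    out += b"\x00"
    if len(out) > MAX_NAME:
        raise ValueError(f"name longer than {MAX_NAME} octets")
    return out


def decode_name(buf: bytes, offset: int) -> tuple[str, int]:
    """Decode an uncompressed wire name; return (name, offset after it)."""
    labels = []
    while True:
        if offset >= len(buf):
            raise ValueError("truncated name")
        n = buf[offset]
        offset += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer not handled in this example")
        if offset + n > len(buf):
            raise ValueError("truncated label")
        labels.append(buf[offset:offset + n].decode("ascii").replace(".", "\\."))
        offset += n
    return ".".join(labels) + ".", offset


def email_to_rname(email: str) -> str:
    """Build the SOA RNAME for an e-mail address and make sure it is encodable."""
    local, _, domain = email.partition("@")
    if not local or not domain:
        raise ValueError("e-mail address needs both a local part and a domain")
    rname = local.replace(".", "\\.") + "." + domain
    encode_name(rname)              # raises on empty or oversized labels
    return rname


if __name__ == "__main__":
    print(email_to_rname("hostmaster.ops@example.com"))
    wire = naive_encode("gmail..com")        # what the bad RNAME turns into
    name, end = decode_name(wire, 0)
    # The reader stops at the empty label; "com" and everything after it is
    # then parsed as the next field (for SOA: serial, refresh, ...), so the
    # numbers read back are garbage and a strict parser throws.
    print(name, wire[end:])
    try:
        email_to_rname("hostmaster@gmail..com")
    except ValueError as exc:
        print("rejected:", exc)
```

Running it as a script prints the escaped RNAME, then `gmail. b'\x03com\x00'`, showing the name cut short and the leftover bytes that a parser would misread, and finally the rejection of the double-period address.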

MrZoidberg commented 1 month ago

Thanks a lot, that helped, but I faced another problem. The sync is not working:

[2024-08-11 14:28:00 UTC] DNS Server received a zone transfer response (RCODE=Refused) for 'internal.***.online' secondary zone from: ns1.***.online (192.168.110.9)

I've added the IP of ns2 to the primary zone's Zone Transfer list. What else do I need to check?

MrZoidberg commented 1 month ago

Got it working. It was a strange IP problem. I will look into that at the LAN level; probably macvlan is not working correctly. Thanks for the help.

ShreyasZare commented 1 month ago

Thanks a lot, that helped, but I faced another problem.

Good to know that. I am updating the validation code to detect such cases in the UI input to prevent such issues.

The sync is not working:

[2024-08-11 14:28:00 UTC] DNS Server received a zone transfer response (RCODE=Refused) for 'internal.***.online' secondary zone from: ns1.***.online (192.168.110.9)

I've added the IP of ns2 to the primary zone's Zone Transfer list. What else do I need to check?

Check the error on the primary zone too, which should describe the reason for the refusal. Most probably it is a typo in the IP address, or the request is coming from another IP address of the same server which was not listed.
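
The checks suggested above, worked through from the secondary's side as an added example (not Technitium code; the zone name and addresses are placeholders that stand in for the masked values in the issue): build the AXFR query, read the RCODE from the primary's first reply, and find the source address this host would use to reach the primary, which is the address the primary's Zone Transfer list must contain. A container attached to two networks, as in the compose file above (macvlan plus internal_dns_net), can reach the primary from either address, so that last function is the interesting one. The issue does not say which address was at fault; the 172.18.0.5 address and the reply bytes in the demo are constructed.

```python
"""Zone-transfer refusal check from the secondary's point of view.

Added example for this issue; not Technitium code. It builds an AXFR query,
reads the RCODE of the primary's first reply, and reports the source address
this host would use to reach the primary, which is what a primary's
zone-transfer allow list is matched against. Addresses re-use the masked
values from the issue as placeholders; the reply bytes in the demo are
constructed, not captured.
"""
import socket
import struct

QTYPE_AXFR, QCLASS_IN = 252, 1
RCODES = {0: "NoError", 1: "FormErr", 2: "ServFail", 3: "NXDomain",
          4: "NotImp", 5: "Refused", 9: "NotAuth"}


def wire_name(name: str) -> bytes:
    """Plain label encoding; zone names here are simple names without escapes."""
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.rstrip(".").split(".")) + b"\x00"


def build_axfr_query(zone: str, qid: int = 0x1234) -> bytes:
    """12-byte header (QR=0, opcode 0, RD=0, QDCOUNT=1) plus one AXFR question."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    return header + wire_name(zone) + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)


def parse_rcode(msg: bytes) -> tuple[int, str]:
    """Return (qid, rcode name) from a DNS message header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags = struct.unpack("!HH", msg[:4])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    rcode = flags & 0x000F
    return qid, RCODES.get(rcode, f"RCODE{rcode}")


def explain_refusal(rcode: str, src_ip: str, allow_list: list[str]) -> str:
    """Map what the secondary sees to the checks suggested in the thread."""
    if rcode != "Refused":
        return f"primary answered {rcode}; not an allow-list problem"
    if src_ip not in allow_list:
        return (f"request leaves from {src_ip}, which is not in the primary's "
                f"zone transfer list {allow_list}; add it or pin the route")
    return "source address is listed; check the primary's log for the refusal reason"


def source_address_for(primary_ip: str, port: int = 53) -> str:
    """UDP connect() runs route and source selection without sending a packet."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect((primary_ip, port))
        return s.getsockname()[0]
    finally:
        s.close()


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("primary closed the connection")
        buf += chunk
    return buf


def axfr_rcode(primary_ip: str, zone: str, timeout: float = 5.0) -> str:
    """Send the AXFR over TCP (2-byte length prefix) and return the first reply's RCODE."""
    query = build_axfr_query(zone)
    with socket.create_connection((primary_ip, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        qid, rcode = parse_rcode(_recv_exact(s, length))
    if qid != 0x1234:
        raise ValueError("reply ID does not match the query")
    return rcode


if __name__ == "__main__":
    primary, zone = "192.168.110.9", "internal.example.com"   # placeholders
    allow = ["192.168.10.9"]                     # what was added on the primary
    # Constructed reply: same ID, QR=1, RCODE=5 (Refused), no records.
    refused = struct.pack("!HHHHHH", 0x1234, 0x8005, 0, 0, 0, 0)
    print(parse_rcode(refused))
    # Offline check with a made-up second address, as a multi-homed container
    # (macvlan plus another docker network) might pick.
    print(explain_refusal("Refused", "172.18.0.5", allow))
    try:                                           # needs a route to the primary
        src = source_address_for(primary)
        print("would send from", src)
        print(explain_refusal(axfr_rcode(primary, zone), src, allow))
    except OSError as exc:
        print("live check skipped:", exc)
```

Run it inside the secondary's container (or with `docker exec`) rather than on the Docker host: source selection depends on the container's own routing table, and with macvlan the host itself usually cannot even reach the container's macvlan address, so a test from the host says nothing about what the container sends.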

ShreyasZare commented 1 month ago

Got it working. It was a strange IP problem. I will look into that at the LAN level; probably macvlan is not working correctly. Thanks for the help.

Good to know that. You're welcome.