lancachenet / lancache-dns

DNS Docker service for a lancache.
https://hub.docker.com/r/lancachenet/lancache-dns/
MIT License

Queries still sent to root servers when forwarder set #110

Closed teejo75 closed 1 year ago

teejo75 commented 4 years ago

Problem

I have noticed that even though I have a forwarder set, bind is still trying to query root servers.

Explanation

My lan dns is a pihole that uses dns over https. I have rules on my router's firewall to redirect all dns queries on port 53 to the pihole. With lancache, I've noticed that when it queries the pihole, I also see identical queries at the same time coming from my router. Having enabled logging for redirects on my router, I can see that the lancache attempts to query root servers, which then get redirected back to the pihole. If it weren't for the redirects, these dns lookups to root servers could be considered a privacy leak, for what it's worth. On entering the lancache-dns container, I see that the bind installation by default has /etc/bind/named.conf.default-zones which has the "." zone configured.

Solution

I cloned this repo, added in overlay/etc/bind/named.conf.default-zones with the "." zone commented out, edited overlay/etc/bind/named.conf.options and added in forward only; under options, and rebuilt the container.

lancache-dns no longer tries to query root servers, and simply sends the request straight on to the forwarder.

This is a relatively simple solution for me, but may require some modification to your build scripts to have it dynamically add forward only; if a forwarder is set.
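
The fallback described in the issue above, as an added example that is not part of the original post or the lancache-dns project: when forwarders are configured, BIND defaults to `forward first` and resolves iteratively from the root servers itself if the forwarders do not answer, unless `forward only;` is set. This Python check flags that condition in the text of a `named.conf.options` file; the sample configs and the forwarder address 192.0.2.53 are constructed, and a single global options block is assumed (per-zone and per-view overrides are not handled).

```python
import re

# Constructed sample configs (not taken from the lancache-dns repository).
LEAKY = """
options {
    directory "/var/cache/bind";
    // forward only;   <- commented out, so BIND uses its default
    forwarders { 192.0.2.53; };
};
"""
FIXED = """
options {
    directory "/var/cache/bind";
    forwarders { 192.0.2.53; };
    forward only;
};
"""

def strip_comments(text):
    """Remove /* */, // and # comments so disabled statements are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def audit_forwarding(conf_text):
    """Return (forwarders, mode, leaks) for named.conf options text.

    mode is 'only' or 'first' ('first' is BIND's default when unset).
    leaks is True when forwarders exist but BIND may still fall back to
    iterative resolution starting at the root servers.
    """
    text = strip_comments(conf_text)
    m = re.search(r"\bforwarders\s*\{([^}]*)\}\s*;", text)
    # Each entry may carry options such as "port 53"; keep only the address.
    forwarders = [f.split()[0] for f in m.group(1).split(";") if f.strip()] if m else []
    fm = re.search(r"\bforward\s+(only|first)\s*;", text)
    mode = fm.group(1) if fm else "first"
    return forwarders, mode, bool(forwarders) and mode != "only"

if __name__ == "__main__":
    for name, conf in (("leaky", LEAKY), ("fixed", FIXED)):
        fwd, mode, leaks = audit_forwarding(conf)
        print(f"{name}: forwarders={fwd} forward={mode} root_fallback={leaks}")
```
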

markkundinger commented 1 year ago

This may be fixed? I copied the named.conf.option from the latest version and it had the "forward only" already set.

teejo75 commented 1 year ago

You realise this is like 3 years old now?