GIT – I just noticed that my syslog file has lots of bind9 errors like this:

named[25304]: error (network unreachable) resolving 'b.iana-servers.net/AAAA/IN': 2001:500:8d::53#53

This error is generated by bind9 when it tries to use IPv6 addresses.
Here is how IPv6 can be disabled on Debian/Ubuntu/RHEL/CentOS.
Debian/Ubuntu
/etc/default/bind9 default file

# run resolvconf?
RESOLVCONF=yes

# startup options for the server
OPTIONS="-u bind"

Change it to:

# run resolvconf?
RESOLVCONF=yes

# startup options for the server
OPTIONS="-4 -u bind"

Once done, reload bind9:

/etc/init.d/bind9 reload

RHEL/CentOS
/etc/sysconfig/named default file

# BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
# Currently, you can use the following options:
#
# ROOTDIR="/some/where"  --  will run named in a chroot environment.
#                            you must set up the chroot environment
#                            (install the bind-chroot package) before
#                            doing this.
#
# OPTIONS="whatever"     --  These additional options will be passed to named
#                            at startup. Don't add -t here, use ROOTDIR instead.
#
# ENABLE_ZONE_WRITE=yes  --  If  is disabled, then allow named to write
#                            its zone files and create files in its $ROOTDIR/var/named
#                            directory, necessary for DDNS and slave zone transfers.
#                            Slave zones should reside in the $ROOTDIR/var/named/slaves
#                            directory, in which case you would not need to enable zone
#                            writes. If  is enabled, you must use only the
#                            'named_write_master_zones' variable to enable zone writes.
#
# ENABLE_SDB=yes         --  This enables use of 'named_sdb', which has support
#                        --  for the ldap, pgsql and dir zone database backends
#                        --  compiled in, to be used instead of named.
#
# _NAMED_DBUS=[1y]--  If NetworkManager is enabled in any runlevel, then
#                            the initscript will by default enable named's D-BUS
#                            support with the named -D option. This setting disables
#                            this behavior.
#
# KEYTAB_FILE="/dir/file"    --  Specify named service keytab file (for GSS-TSIG)
#
# _ZONE_CHECKING  --  By default, initscript calls named-checkzone
#                            utility for every zone to ensure all zones are
#                            valid before named starts. If you set this option
#                            to 'yes' then initscript doesn't perform those checks.
#
ROOTDIR=/var/named/chroot

Just add the following line under ROOTDIR in the file:

OPTIONS="-4"

Don’t remove the leading comment marker *#* from the existing line without commenting out the rest of that line again, i.e.:

# OPTIONS="whatever"     --  These additional options will be passed to named

will be :

OPTIONS="-4"     #--  These additional options will be passed to named

Discovered during a recent project. Bind / Named was constantly spamming the logs about being unable to reach servers. The logs revealed that we were talking to IPv6 addresses, which was assumed to be disabled.

The less cool part was that in “/etc/named.conf” the following was commented out.

//      listen-on-v6 port 53 { ::1; };

You then run

service named restart
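
The two file edits above as one idempotent script, which leaves the commented-out OPTIONS template alone and counts the IPv6 "network unreachable" lines in a log so the change can be verified after the restart. This is an added example, not part of the original post; the function names and the sample files written by make_samples are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; function names are made up.

# Value of the last active (uncommented) OPTIONS="..." line in file $1.
active_options() {
    sed -n 's/^[[:space:]]*OPTIONS="\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Succeeds if the active OPTIONS contain -4 as a separate word.
has_v4_only() {
    case " $(active_options "$1") " in
        *" -4 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Add -4 to file $1; comment lines are never touched, reruns change nothing.
enable_v4_only() {
    if has_v4_only "$1"; then return 0; fi
    if grep -q '^[[:space:]]*OPTIONS="' "$1"; then
        # Keep existing flags such as -u bind and put -4 in front of them.
        sed 's/^\([[:space:]]*OPTIONS="\)/\1-4 /' "$1" > "$1.new"
    else
        # Only the commented template exists: append a fresh active line.
        { cat "$1"; echo 'OPTIONS="-4"'; } > "$1.new"
    fi
    cat "$1.new" > "$1" && rm -f "$1.new"   # keeps owner and mode of $1
}

# Number of syslog lines in $1 where named could not reach an IPv6 server.
count_v6_unreachable() {
    grep -c "named\[[0-9]*\]: error (network unreachable) resolving '[^']*': [0-9A-Fa-f]*:[0-9A-Fa-f:]*#" "$1" || true
}

# Constructed sample inputs, written into directory $1.
make_samples() {
    printf '%s\n' '# run resolvconf?' 'RESOLVCONF=yes' \
        'OPTIONS="-u bind"' > "$1/bind9"
    printf '%s\n' '# OPTIONS="whatever"     --  passed to named' \
        'ROOTDIR=/var/named/chroot' > "$1/named"
    printf '%s\n' \
        "named[25304]: error (network unreachable) resolving 'b.iana-servers.net/AAAA/IN': 2001:500:8d::53#53" \
        "named[25304]: error (network unreachable) resolving 'example.test/A/IN': 192.0.2.53#53" \
        > "$1/syslog"
}
```

Run enable_v4_only against a copy of /etc/default/bind9 or /etc/sysconfig/named first and diff the result before applying it to the live file.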