Having recently built a centralised log server with RSyslog on one of my Raspberry Pi systems at home office, I'm finally getting to reap the rewards: small and not so small errors get noticed and resolved at last.
Network Unreachable Resolving IPv6 in named
I noticed lots of named errors like this:
May 1 16:13:04 becky named[545]: network unreachable resolving 'ns-1683.awsdns-18.co.uk/A/IN': 2600:9000:5301:5200::1#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'ns-1244.awsdns-27.org/A/IN': 2600:9000:5306:5b00::1#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'ns-1683.awsdns-18.co.uk/AAAA/IN': 2600:9000:5301:5200::1#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'ns-573.awsdns-07.net/AAAA/IN': 2600:9000:5301:c800::1#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'ns-1244.awsdns-27.org/AAAA/IN': 2600:9000:5306:5b00::1#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'ns-573.awsdns-07.net/A/IN': 2600:9000:5305:4700::1#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'ns-573.awsdns-07.net/AAAA/IN': 2600:9000:5305:4700::1#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'flickr.com/DS/IN': 2001:503:231d::2:30#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'yf2.yahoo.com/A/IN': 2406:8600:b8:fe03::1003#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'yf1.yahoo.com/A/IN': 2406:8600:b8:fe03::1003#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'yf2.yahoo.com/AAAA/IN': 2406:8600:b8:fe03::1003#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'yf1.yahoo.com/AAAA/IN': 2406:8600:b8:fe03::1003#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'yahoodns.net/DS/IN': 2001:503:39c1::30#53
Since the server addresses at the end of each line all looked like IPv6 addresses, I figured IPv6 would be the explanation. Since I'm not using IPv6 yet, the logical step to resolve the issue was to disable IPv6 in named.
Switch BIND9 named to using IPv4 only
By editing the /etc/default/bind9 file, it's very easy to enforce IPv4-only mode. The -4 option tells named to use IPv4 only.
Change OPTIONS line from this:
OPTIONS="-u bind"
to this:
OPTIONS="-u bind -4"
Now we just need to restart the named daemon. Confusingly enough, this is done by restarting the bind9 service:
greys@becky:/ $ sudo systemctl restart bind9
Let's quickly confirm bind9 status:
greys@becky:/ $ sudo systemctl status bind9
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-05-01 16:33:56 UTC; 3s ago
     Docs: man:named(8)
  Process: 3062 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
 Main PID: 3067 (named)
   CGroup: /system.slice/bind9.service
           └─3067 /usr/sbin/named -f -u bind -4

May 01 16:33:56 becky named[3067]: automatic empty zone: EMPTY.AS112.ARPA
May 01 16:33:56 becky named[3067]: configuring command channel from '/etc/bind/rndc.key'
May 01 16:33:56 becky named[3067]: command channel listening on 127.0.0.1#953
May 01 16:33:56 becky named[3067]: managed-keys-zone: loaded serial 788
May 01 16:33:56 becky named[3067]: zone 0.in-addr.arpa/IN: loaded serial 1
May 01 16:33:56 becky named[3067]: zone 127.in-addr.arpa/IN: loaded serial 1
May 01 16:33:56 becky named[3067]: zone localhost/IN: loaded serial 2
May 01 16:33:56 becky named[3067]: zone 255.in-addr.arpa/IN: loaded serial 1
May 01 16:33:56 becky named[3067]: all zones loaded
May 01 16:33:56 becky named[3067]: running
That's it! Problem solved – no more IPv6 errors in named logs.
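The OPTIONS edit and the log check from this post can be scripted so the change is repeatable and verifiable. This is an added example, not part of the original post; the function names, the temporary file paths and the sample file contents are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post). File paths are arguments, so the
# functions can be tried on copies before touching /etc/default/bind9.

# Append -4 to the OPTIONS="..." line unless it is already there.
# Keeps a .bak copy; returns 1 if the file has no OPTIONS line.
enable_ipv4_only() {
    file=$1
    grep -q '^OPTIONS="' "$file" || return 1
    if grep -Eq '^OPTIONS="([^"]* )?-4( [^"]*)?"' "$file"; then
        return 0                      # already IPv4-only, nothing to change
    fi
    cp -p "$file" "$file.bak"
    sed -E -e 's/^OPTIONS="([^"]*)"/OPTIONS="\1 -4"/' \
           -e 's/^OPTIONS=" /OPTIONS="/' "$file.bak" > "$file"
}

# Count named "network unreachable resolving" lines whose upstream server
# address (the part before #53) contains a colon, i.e. is an IPv6 address.
count_v6_unreachable() {
    grep -Ec 'named\[[0-9]+\]: network unreachable resolving .*: [0-9A-Fa-f]*:[0-9A-Fa-f:]*#53$' "$1" || true
}

# Demo on constructed sample data in a temporary directory.
demo() {
    tmp=$(mktemp -d)
    printf 'RESOLVCONF=no\nOPTIONS="-u bind"\n' > "$tmp/bind9"
    cat > "$tmp/syslog" <<'EOF'
May  1 16:13:04 becky named[545]: network unreachable resolving 'flickr.com/DS/IN': 2001:503:231d::2:30#53
May  1 16:13:04 becky named[545]: network unreachable resolving 'yf1.yahoo.com/A/IN': 2406:8600:b8:fe03::1003#53
May  1 16:33:56 becky named[3067]: all zones loaded
EOF
    echo "IPv6 unreachable errors: $(count_v6_unreachable "$tmp/syslog")"
    enable_ipv4_only "$tmp/bind9" && grep '^OPTIONS=' "$tmp/bind9"
    rm -rf "$tmp"
}
demo
```

Running the count against the real syslog before and after the restart gives a number to compare, rather than relying on eyeballing the log.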