Bind Error Network Unreachable Resolving Debian
Contents |
With Bind Issues related to configuring your network Post Reply Print view Search Advanced search 4 posts • Page 1 of 1 borish Posts: 3 Joined: 2013/07/28 14:30:03 [SOLVED] Problem With Bind Quote Postby borish » named error network unreachable resolving 2013/07/28 15:03:45 Hi to you all,I have a problem with named.I install a new error network unreachable resolving dnskey in centos 6.3 server, installed bind on it, and at the begining every thing was OK.after that i installed some zone file, and lame servers error network unreachable resolving the problem is that i can't resolve any out side address.when i make "dig @192.168.1.190 google.co.il" i get:; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> @192.168.1.190 google.co.il; (1 server found);; global options: +cmd;; connection timed out; no servers
Ubuntu Bind Disable Ipv6
could be reachedmy named.conf file:Code: Select all//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1;192.168.1.190; };
listen-on-v6 port 53 { none; };
error (network unreachable) resolving ubuntu directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "haikin.local" IN {
type master;
file "haikin.local.fw";
allow-update { none;};
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "haikin.local.rev";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Can you please HELP me !!Thank you. Top jorch Posts: 5 Joined: 2013/07/23 11:55:54 [SOLVED] Problem With Bind Quote Postby jorch » 2013/07/30 07:35:04 Hi,If you
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss bind options="-4" the workings and policies of this site About Us Learn more about
Bind9 Disable Ipv6
Stack Overflow the company Business Learn more about hiring developers or posting ads with us Server Fault Questions
Dnssec-enable
Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site for system and network administrators. Join them; it only takes a minute: Sign up http://www.centos.org/forums/viewtopic.php?t=8744 Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top (network unreachable) error in my server logs up vote 2 down vote favorite 2 I'm getting lots of network unreachable lines in my Centos' messages log file. They seem they can't resolve to certain addresses which http://serverfault.com/questions/639061/network-unreachable-error-in-my-server-logs I do not have any ideas why my server has to resolve to them in the first place. Could anyone let me know the origin of such error? Am I under an attack? Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving './NS/IN': 2001:503:ba3e::2:30#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:500:48::1#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:4f8:0:2::19#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/A/IN': 2001:500:2f::f#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:500:2f::f#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/A/IN': 2001:500:1::803f:235#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:500:1::803f:235#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/A/IN': 2001:503:c27::2:30#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:503:c27::2:30#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/A/IN': 2001:500:1a::1#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:4f8:0:2::20#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:500:60::29#
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring http://serverfault.com/questions/77325/unreachable-resolving-domain developers or posting ads with us Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site for system and network administrators. Join them; it only takes a minute: Sign up Here's how http://sgros.blogspot.com/2012/06/bind-and-network-unreachable-messages.html it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top unreachable resolving domain up vote 4 down vote favorite 2 got a strange selection of errors in my logwatch network unreachable that lists a 'network unreachable resolving nsX.somedomain.com' error repeatedly. This is on an Ubuntu 9.04 Server install with latest updates using bind for dns. I've seen various blog posts blaming the repeated entries on spamassasin, but I don't have that installed. The domains listed seem to be ones that are accessed within my network - but there's no reason my server should be attempting to resolve these - I have my ISP's name servers for that, and all my computers error network unreachable are configured to get DNS from the correct location. Any ideas for a solution would be incredibly helpful - my logwatch results are getting longer and longer! I've given an example of these logs below. network unreachable resolving 'e.ns.lanechange.info/A/IN': 2001:500:49::1#53: 1 Time(s) network unreachable resolving 'e.ns.lanechange.info/AAAA/IN': 2001:500:49::1#53: 1 Time(s) network unreachable resolving 'echochamber.me/A/IN': 2001:4830:120:1::1#53: 1 Time(s) I also have similar results for ROOT-SERVERS.NET domain-name-system bind logging share|improve this question edited Oct 22 '09 at 20:21 asked Oct 22 '09 at 19:53 Elliot Hughes 17817 Your post is quite contradictory: you say you use BIND on your Ubuntu machine and later you say you use the ISP's name servers for name resolution. Which sentence is correct? –bortzmeyer Oct 23 '09 at 10:22 I use BIND to serve my own DNS records ie the results for resborand.co.uk and its subdomains. I use my ISPs nameservers to resolve requests for everything else e.g google.com yahoo.com –Elliot Hughes Oct 24 '09 at 12:05 add a comment| 2 Answers 2 active oldest votes up vote 5 down vote It seems bind by default now tries to resolve queries recursively using ipv6. The log clearly states that bind tries to resolve recursively using ipv6, so I doubt that it isn't used for that. 2001:4830:120:1 is not reachable at least. Add -4 to the bind command line to disable this. For debian, this means to put OPTIONS="-u bind -4" into /e
file (messages are slightly obfuscated to protect innocent :)): Jun 29 14:32:11 someserver named[1459]: error (network unreachable) resolving 'www.eolprocess.com/A/IN': 2001:503:a83e::2:30#53 Jun 29 14:32:11 someserver named[1459]: error (network unreachable) resolving 'www.eolprocess.com/A/IN': 2001:503:231d::2:30#53 What these messages say is that network that contains address 2001:503:231d::2:30 is unreachable. So, what's happening? The problem is that all modern operating systems support IPv6 out of the box. The same is for growing number of software packages, among them is BIND too. So, operating system configures IPv6 address on interface and application thinks that IPv6 works and configures it. But, IPv6 doesn't work outside of the local network (there is no IPv6 capable router) so, IPv6 addresses, unless in local networks, are unreachable. So, you might ask now: but everything otherwise works, why is this case special! Well, the problem is that some DNS servers, anywhere in hierarchy, support IPv6, but not all. And when our resolver gets IPv6 address in response, it defaults to it and ignores IPv4. It obviously can not reach it so it logs a message and then tries IPv4. Once again, note that this IPv6 address can pop up anywhere in hierarchy, it isn't necessary to be on the last DNS server. In this concrete case name server for eolprocess.com doesn't support IPv6, but some name server for the top level com domain do support it! To prevent those messages from appearing add option -4 to bind during startup. On CentOS (Fedora/RHEL) add or modify the line OPTIONS in /etc/sysconfig/named so that it includes option -4, i.e. OPTIONS="-4" Posted by Stjepan Groš (sgros) at 14:49 Labels: bind, centos, dns, english, fedora, ipv4, ipv6, linux, named, netadm, network unreachable, problem, resolver, sysadm Location: Zagreb, Croatia 5 comments: joebuff said... /etc/sysconfing/n