Bind9 Error Network Unreachable Resolving
(network unreachable) error in my server logs

I'm getting lots of "error (network unreachable) resolving" lines in my CentOS messages log file. It seems they can't resolve certain addresses, and I have no idea why my server has to resolve them in the first place. Could anyone let me know the origin of this error? Am I under attack?

Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving './NS/IN': 2001:503:ba3e::2:30#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:500:48::1#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:4f8:0:2::19#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/A/IN': 2001:500:2f::f#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:500:2f::f#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/A/IN': 2001:500:1::803f:235#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:500:1::803f:235#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/A/IN': 2001:503:c27::2:30#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:50
file (messages are slightly obfuscated to protect the innocent :)):

Jun 29 14:32:11 someserver named[1459]: error (network unreachable) resolving 'www.eolprocess.com/A/IN': 2001:503:a83e::2:30#53
Jun 29 14:32:11 someserver named[1459]: error (network unreachable) resolving 'www.eolprocess.com/A/IN': 2001:503:231d::2:30#53

What these messages say is that the network containing the address 2001:503:231d::2:30 is unreachable. So, what's happening?
The problem is that all modern operating systems support IPv6 out of the box. The same goes for a growing number of software packages, BIND among them. So the operating system configures an IPv6 address on the interface, and the application concludes that IPv6 works and configures it too. But IPv6 doesn't work outside of the local network (there is no IPv6-capable router), so IPv6 addresses, unless they are in local networks, are unreachable.

So, you might ask now: everything else works, so why is this case special? Well, the problem is that some DNS servers, anywhere in the hierarchy, support IPv6, but not all. When our resolver gets an IPv6 address in a response, it defaults to it and ignores IPv4. It obviously cannot reach it, so it logs a message and then tries IPv4. Once again, note that this IPv6 address can pop up anywhere in the hierarchy; it doesn't have to be on the last DNS server. In this concrete case the name server for eolprocess.com doesn't support IPv6, but some name servers for the top-level com domain do.

To prevent those messages from appearing, add the option -4 to BIND at startup. On CentOS (Fedora/RHEL), add or modify the OPTIONS line in /etc/sysconfig/named so that it includes -4, i.e.

OPTIONS="-4"

Posted by Stjepan Groš (sgros) at 14:49
Sources: http://serverfault.com/questions/639061/network-unreachable-error-in-my-server-logs and http://sgros.blogspot.com/2012/06/bind-and-network-unreachable-messages.html

5 comments:

joebuff said... /etc/sysconfing/named should be /etc/sysconfig/named
January 8, 2014 at 2:15
resolving 'www.SOME-DOMAIN.com/A/IN': :::#53

Edit /etc/default/bind9 and add "-4" to the options so that BIND9 does not try to resolve over IPv6 (unless you have IPv6 connectivity, but in that case you shouldn't see this message anyway). Your OPTIONS line should look like this:

OPTIONS="-u bind -4"
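Before setting -4, it is worth confirming that the log entries really are the missing-IPv6-route pattern described on this page and not a wider connectivity fault. The following is an added example, not code from any of the quoted sources; the function names parse_line and triage are assumptions, and it groups named's resolver errors by reason and address family, skipping truncated or obfuscated lines.

```python
import ipaddress
import re
from collections import Counter

# named resolver error, e.g.:
#   named[1585]: error (network unreachable) resolving './NS/IN': 2001:503:ba3e::2:30#53
LINE_RE = re.compile(
    r"named\[\d+\]: error \((?P<reason>[^)]+)\) resolving "
    r"'(?P<qname>[^/']*)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)': "
    r"(?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d+)"
)

def parse_line(line):
    """Return (reason, qname, qtype, ip), or None for an incomplete or unrelated line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["addr"])
    except ValueError:  # obfuscated or malformed address
        return None
    return m["reason"], m["qname"], m["qtype"], ip

def triage(lines):
    """Count errors by (reason, IP version); flag the missing-IPv6-route pattern."""
    counts, skipped = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        counts[(rec[0], rec[3].version)] += 1
    v6 = counts[("network unreachable", 6)]
    v4 = counts[("network unreachable", 4)]
    # Only IPv6 upstreams unreachable: the host has no IPv6 route, which is the
    # case the text fixes with -4. An unreachable IPv4 upstream is a different fault.
    return {"counts": dict(counts), "skipped": skipped,
            "ipv6_route_missing": v6 > 0 and v4 == 0}

# Lines copied from the logs quoted above; the last one is cut off in the source.
SAMPLE = [
    "Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53",
    "Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:500:48::1#53",
    "Jun 29 14:32:11 someserver named[1459]: error (network unreachable) resolving 'www.eolprocess.com/A/IN': 2001:503:231d::2:30#53",
    "Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:50",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

If ipv6_route_missing is false because IPv4 upstreams are also unreachable, -4 would only hide part of the problem and the host's routing should be checked first.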