Named Error Network Unreachable Resolving
Contents |
Start here for a quick overview of the site Help Center Detailed answers to any error (network unreachable) resolving ubuntu questions you might have Meta Discuss the workings and policies of
Named Disable Ipv6
this site About Us Learn more about Stack Overflow the company Business Learn more about hiring options="-4" developers or posting ads with us Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site for system error (network unreachable) resolving debian and network administrators. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top (network unreachable) error in my server logs up vote 4 down vote favorite 2 I'm getting lots of
Ubuntu Bind Disable Ipv6
network unreachable lines in my Centos' messages log file. They seem they can't resolve to certain addresses which I do not have any ideas why my server has to resolve to them in the first place. Could anyone let me know the origin of such error? Am I under an attack? Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving './NS/IN': 2001:503:ba3e::2:30#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:500:48::1#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:4f8:0:2::19#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/A/IN': 2001:500:2f::f#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:500:2f::f#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/A/IN': 2001:500:1::803f:235#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:500:1::803f:235#53 Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/A/IN': 2001:503:c27::2:30#53 Oct 23 11:39:03 server named[1585]: error (network unreac
file (messages are slightly obfuscated to protect innocent :)): Jun 29 14:32:11 someserver named[1459]: error (network unreachable) resolving 'www.eolprocess.com/A/IN': 2001:503:a83e::2:30#53 Jun 29 14:32:11 someserver named[1459]: error (network dnssec-enable unreachable) resolving 'www.eolprocess.com/A/IN': 2001:503:231d::2:30#53 What these messages say is that network that contains debian bind9 disable ipv6 address 2001:503:231d::2:30 is unreachable. So, what's happening? The problem is that all modern operating systems support IPv6 out of
Error (unexpected Rcode Refused) Resolving
the box. The same is for growing number of software packages, among them is BIND too. So, operating system configures IPv6 address on interface and application thinks that IPv6 works and http://serverfault.com/questions/639061/network-unreachable-error-in-my-server-logs configures it. But, IPv6 doesn't work outside of the local network (there is no IPv6 capable router) so, IPv6 addresses, unless in local networks, are unreachable. So, you might ask now: but everything otherwise works, why is this case special! Well, the problem is that some DNS servers, anywhere in hierarchy, support IPv6, but not all. And when our resolver gets IPv6 address http://sgros.blogspot.com/2012/06/bind-and-network-unreachable-messages.html in response, it defaults to it and ignores IPv4. It obviously can not reach it so it logs a message and then tries IPv4. Once again, note that this IPv6 address can pop up anywhere in hierarchy, it isn't necessary to be on the last DNS server. In this concrete case name server for eolprocess.com doesn't support IPv6, but some name server for the top level com domain do support it! To prevent those messages from appearing add option -4 to bind during startup. On CentOS (Fedora/RHEL) add or modify the line OPTIONS in /etc/sysconfig/named so that it includes option -4, i.e. OPTIONS="-4" Posted by Stjepan Groš (sgros) at 14:49 Labels: bind, centos, dns, english, fedora, ipv4, ipv6, linux, named, netadm, network unreachable, problem, resolver, sysadm Location: Zagreb, Croatia 5 comments: joebuff said... /etc/sysconfing/named should be/etc/sysconfig/named January 8, 2014 at 2:15 PM Stjepan Groš (sgros) said... Fixed. Thanks. January 8, 2014 at 9:41 PM Richard Leji said... I really appreciate ur help! April 18, 2014 at 2:27 AM Илья Окатов said... where can disable this option in ubuntu? May 22, 2014 at 3:08 PM aber hallo said... /etc/default/bind
network unreachable in /log/messages 6 posts / 0 new Log in or register to post comments Last post #1 Wed, 07/09/2014 - 07:46 drguild Bind 9, network unreachable in /log/messages Have a strange thing I run virtualmin on my system has https://www.virtualmin.com/node/33657 bind etc setup but I don't do any public DNS stuff its only for https://ubuntuforums.org/archive/index.php/t-2012921.html my local lan. I checked some logs out of interest and noticed Bind9 is spewing network unreachable messages on load. The amount of messages is too long (a few hundred lines of it) so here is the start of bind to a few of these messages. Everything is pretty much a default install my dms enteries are network unreachable my ISP ones with my server (itself) 127.0.0.1 and 192.168.1.1 listed first. My search DNS server is set as itself was set to my isp for some reason I think postfix did that as I use my external hostname which is my-static-ip.ispdomain.com.au. Apart fromt that I don't know how to fix this or turn whatever feature off if I don't need it. Any clues on this? Jul 7 20:51:42 server error (network unreachable) named[15364]: ----------------------------------------------------
Jul 7 20:51:42 server named[15364]: BIND 9 is maintained by Internet Systems Consortium,
Jul 7 20:51:42 server named[15364]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jul 7 20:51:42 server named[15364]: corporation. Support and training for BIND 9 are
Jul 7 20:51:42 server named[15364]: available at https://www.isc.org/support
Jul 7 20:51:42 server named[15364]: ----------------------------------------------------
Jul 7 20:51:42 server named[15364]: adjusted limit on open files from 4096 to 1048576
Jul 7 20:51:42 server named[15364]: found 2 CPUs, using 2 worker threads
Jul 7 20:51:42 server named[15364]: using up to 4096 sockets
Jul 7 20:51:42 server named[15364]: loading configuration from '/etc/named.conf'
Jul 7 20:51:42 server named[15364]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Jul 7 20:51:42 server named[15364]: using default UDP/IPv4 port range: [1024, 65535]
Jul 7 20:51:42 server named[15364]: using default UDP/IPv6 port range: [1024, 65535]
Jul 7 20:51:42 server named[15364]: listening on IPv6 interfaces, port 53
Jul 7 20:51:42 server named[15364]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 7 20:51:42 server named[15364]: listening on IPv4 interface eth0, 192.168.1.1#53
Jul 7 20:51:42 server named[15364]: generating session key for dynamic DNS
Jul 7 20:51:42 server named[15364]: sizing zone task pool based on 12 zones
Jul 7 20:51:42 server named[15364]: using built-in DLV key for view _default
Jul 7 20:51:42 server named[1536
sleep? cryptotheslowJune 30th, 2012, 06:46 AMHi, Simple setup here. 10.04 Server running BIND to provide DNS (no forwarders in the config, so querying root servers) to usually one 12.04 Desktop client. The 12.04 client has had dnsmasq removed so all DNS lookups go to the BIND server. I'm seeing long DNS lookup delays in applications on the 12.04 client when querying DNS after a period of inactivity on the client. e.g. Firefox will sit for upto 5 seconds with a status of "Looking up host xxxxxxxxx" before getting the response then displaying the page. Initially I thought it was to do with TTLs and caching so turned to dig using a domain that has a low TTL... first is right after I accessed the site, the second after the TTL expired - so 3msec and 138msec are not unreasonable for a cached and non-cached response respectively. crypto@ubulaptop1204:~$ date && dig roguevampires.net Sat Jun 30 05:54:10 BST 2012 ; <<>> DiG 9.8.1-P1 <<>> roguevampires.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13650 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;roguevampires.net. IN A ;; ANSWER SECTION: roguevampires.net. 542 IN A 213.175.213.194 ;; AUTHORITY SECTION: roguevampires.net. 542 IN NS ns1.impulsiveimagination.com. roguevampires.net. 542 IN NS ns2.impulsiveimagination.com. ;; ADDITIONAL SECTION: ns1.impulsiveimagination.com. 542 IN A 213.175.213.194 ns2.impulsiveimagination.com. 542 IN A 213.175.213.195 ;; Query time: 3 msec ;; SERVER: 192.168.1.67#53(192.168.1.67) ;; WHEN: Sat Jun 30 05:54:10 2012 ;; MSG SIZE rcvd: 143 crypto@ubulaptop1204:~$ date && dig roguevampires.net Sat Jun 30 06:17:57 BST 2012 ; <<>> DiG 9.8.1-P1 <<>> roguevampires.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24277 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;roguevampires.net. IN A ;; ANSWER SECTION: roguevampires.net. 600 IN A 213.175.213