ipv6 bind to single v6-address

Florian tslbai at agilolfinger.de
Tue Jun 12 20:49:57 UTC 2007


Mark Andrews wrote:
>> Hello list,
>>
>> I'm running bind 9.3.4 on trustix 3.0.5. I'm using the precompiled
>> trustix-packages.
>> bind-libs-9.3.4-3tr
>> bind-9.3.4-3tr
>> bind-utils-9.3.4-3tr
>>
>> I have multiple IPv6 addresses on my interface and want to bind named to
>> a certain address, like:
>> /etc/named.conf
>> -------------------
>> listen-on-v6 {
>>                 ::1;
>>                 2001:470:1f00:484::2;
>>         };
>> -------------------
>> #dig @2001:470:1f00:484::2 -6 -t aaaa www6.agilolfinger.de
>> dig is timing out
>>
>> #netstat -an | grep -E "(:53|:953|:32)"
>> tcp  0  0 194.77.3.34:53    0.0.0.0:*       LISTEN
>> tcp  0  0 127.0.0.1:53      0.0.0.0:*       LISTEN
>> tcp  0  0 127.0.0.1:953     0.0.0.0:*       LISTEN
>> tcp  0  0 127.0.0.1:51762   127.0.0.1:953   TIME_WAIT
>> tcp  0  0 127.0.0.1:51763   127.0.0.1:953   TIME_WAIT
>> tcp  0  0 ::1:953           :::*            LISTEN
>> udp  0  0 0.0.0.0:32772     0.0.0.0:*
>> udp  0  0 0.0.0.0:32773     0.0.0.0:*
>> udp  0  0 0.0.0.0:32912     0.0.0.0:*
>> udp  0  0 194.77.3.34:53    0.0.0.0:*
>> udp  0  0 127.0.0.1:53      0.0.0.0:*
>> udp  0  0 :::32913          :::*
>>
>> #tail /var/log/messages
>> starting BIND 9.3.4 -u named -c /etc/named.conf -t /var/lib/named/chroot
>> loading configuration from '/etc/named.conf'
>> listening on IPv4 interface lo, 127.0.0.1#53
>> listening on IPv4 interface eth0, 194.77.3.34#53
>> command channel listening on 127.0.0.1#953
>> command channel listening on ::1#953
>> named startup succeeded
>>     
>
> 	Configure your chroot environment to have a /proc.  That
> 	way named can check each of the IPv6 addresses in
> 	/proc/net/if_inet6 against the listen-on-v6 acl.
>  
>   
>> Bind only starts and works with IPv6 if I do the following in
>> /etc/named.conf:
>> -------------------
>> listen-on-v6 {
>>     any;
>> };
>> -------------------
>> #dig @2001:470:1f00:484::2 -6 -t aaaa www6.agilolfinger.de
>> is resolving; ok
>>     
>
> 	Named special cases the "any;" acl for IPv6.  It uses packet
> 	info to make sure replies come from the right address.
>  
>   
>> #netstat -an | grep -E "(:53|:953|:32)"
>> tcp   0  0 194.77.3.34:53    0.0.0.0:*  LISTEN
>> tcp   0  0 127.0.0.1:53      0.0.0.0:*  LISTEN
>> tcp   0  0 127.0.0.1:953     0.0.0.0:*  LISTEN
>> tcp   0  0 :::53             :::*       LISTEN
>> tcp   0  0 ::1:953           :::*       LISTEN
>> udp   0  0 0.0.0.0:32772     0.0.0.0:*
>> udp   0  0 0.0.0.0:32773     0.0.0.0:*
>> udp   0  0 0.0.0.0:32938     0.0.0.0:*
>> udp   0  0 194.77.3.34:53    0.0.0.0:*
>> udp   0  0 127.0.0.1:53      0.0.0.0:*
>> udp   0  0 :::32939          :::*
>> udp   0  0 :::53             :::*
>>
>>
>> It seems that bind doesn't bind port 53 to a single IPv6 address.
>> I can't find anything about it in the ISC docs, the archives or
>> on Google. Does anyone know a way to bind named:53 to a single IPv6 address?
>> Is it my fault, a trustix problem or a bind issue?
>>
>> Thanks, Florian
>>     
Hi Mark!

Thanks for the hint, it works! :-)
I added the following lines to my named start script:

...
mkdir -p ${JAIL_BASE}/proc/net
touch ${JAIL_BASE}/proc/net/if_inet6
chmod -R 555 ${JAIL_BASE}/proc
chmod 444 ${JAIL_BASE}/proc/net/if_inet6
# bind-mount only the interface address table into the jail
mount --bind /proc/net/if_inet6 ${JAIL_BASE}/proc/net/if_inet6
...


Bye, Florian
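
Added example (not part of the original thread): a Python check of what named can see through the jail's /proc/net/if_inet6, reporting which listen-on-v6 addresses match an interface address there. The sample table is constructed and the function names are hypothetical; the default jail path and addresses are the ones quoted above.

```python
import ipaddress
from pathlib import Path

# Constructed sample in the /proc/net/if_inet6 layout:
# 32 hex digits of address, ifindex, prefix length, scope, flags, device.
SAMPLE_IF_INET6 = (
    "00000000000000000000000000000001 01 80 10 80       lo\n"
    "200104701f0004840000000000000002 02 40 00 80     eth0\n"
    "fe80000000000000021122fffe334455 02 40 20 80     eth0\n"
)


def parse_if_inet6(text):
    """Map each IPv6Address in if_inet6-formatted text to its device name."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or len(fields[0]) != 32:
            continue  # skip blank or malformed lines
        try:
            addr = ipaddress.IPv6Address(int(fields[0], 16))
        except ValueError:
            continue  # address column was not hexadecimal
        table[addr] = fields[5]
    return table


def read_jail_if_inet6(jail_base):
    """Return the if_inet6 text visible inside the jail ('' if absent)."""
    path = Path(jail_base) / "proc/net/if_inet6"
    try:
        return path.read_text()
    except OSError:
        return ""


def match_listen_addrs(wanted, if_inet6_text):
    """For each listen-on-v6 address, return the device carrying it, or None."""
    table = parse_if_inet6(if_inet6_text)
    return {w: table.get(ipaddress.IPv6Address(w)) for w in wanted}


if __name__ == "__main__":
    import sys
    jail = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/named/chroot"
    wanted = sys.argv[2:] or ["::1", "2001:470:1f00:484::2"]
    found = match_listen_addrs(wanted, read_jail_if_inet6(jail))
    for addr, dev in found.items():
        print(f"{addr}: {dev or 'not visible inside jail'}")
```

An empty or missing file in the jail yields no match for any address, which corresponds to the first netstat output above where no IPv6 socket on port 53 appears.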


