named[10663]: network unreachable resolving

Mark Andrews marka at isc.org
Thu Aug 11 21:30:47 UTC 2016


Your system has IPv6 addresses configured so named attempts to use
IPv6 to resolve names.  Ask your ISP for IPv6.  You may need to
upgrade your router to support IPv6.

The world ran out of enough IPv4 addresses to give every machine
its own unique address in about 1996 and we have been using NAT and
RFC 1981 addressing as stop gap for the last 20 years.  We have now
got to the stage where we don't have enough IPv4 addresses to give
each household their own IPv4 address.  It is past time to deploy
IPv6.

While you organise that you can tell named to only use IPv4 by
specifying -4 on the command line.

Alternatively you can use server clauses in named.conf to say what
IPv6 address space is reachable and what is not.

e.g.
	server ::/0 { bogus yes; };
	server ::1 { bogus no; };
	server fe80::/9 { bogus yes; };  // leaked link local
	server fc00::/7 { bogus yes; };  // leaked ULA addresses
	server fdxx:xxxx:xxxx::/48 { bogus no; };  // my ULA prefix

When you have external IPv6 connectivity this becomes

	server fe80::/9 { bogus yes; };  // leaked link local
	server fc00::/7 { bogus yes; };  // leaked ULA addresses
	server fdxx:xxxx:xxxx::/48 { bogus no; };  // my ULA prefix

Mark

In message <1470945476.29096.13.camel at embarqmail.com>, Chris writes:
> I use Bind as a local caching nameserver at my house mainly to speed up
> spamassassin queries. Until I upgraded my Ubuntu 14.04 to 16.04 last
> week all was working great. After the upgrade bind has been filling up
> my syslog with the above error. Running 'named -V' outputs:
>
> chris at localhost:~$ named -V
> BIND 9.10.3-P4-Ubuntu <id:ebd72b3>
> built by make with '--prefix=/usr' '--mandir=/usr/share/man' '
> --libdir=/usr/lib/x86_64-linux-gnu' '--infodir=/usr/share/info' '
> --sysconfdir=/etc/bind' '--localstatedir=/' '--enable-threads' '
> --enable-largefile' '--with-libtool' '--enable-shared' '--enable-
> static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '
> --with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '
> --enable-filter-aaaa' '--enable-native-pkcs11' '--with-
> pkcs11=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so' 'CFLAGS=-g -O2
> -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fno-
> strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE'
> 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now'
> 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2 -DDIG_SIGCHASE'
> compiled by GCC 5.3.1 20160413
> compiled with OpenSSL version: OpenSSL 1.0.2g1 Mar 2016
> linked to OpenSSL version: OpenSSL 1.0.2g-fips1 Mar 2016
> compiled with libxml2 version: 2.9.3
> linked to libxml2 version: 20903
>
> Here are the errors as shownhttps://pastebin.com/yAMmGM80I notice
> they're all, as far as I can see, IPV6 addresses but looking at how
> bind has been compiled it shows 'enable-ipv6' unless I'm missing
> something.
>
> Here is my /etc/bind/named.conf.options file -https://pastebin.com/aFZ
> Ehdc4
>
> If it helps my /etc/resolv.conf -
>
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
> resolvconf(8)
> #DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> nameserver 127.0.0.1
>
>
> nameserver 127.0.0.1
> search PK5001Z
>
> Although I didn't mess with a single configuration file from 14.04 to
> 16.04 something somewhere along the upgrade got totally messed up.
>
> Thanks for any assistance
>
> Chris
>
> --
> Chris
> KeyID 0xE372A7DA98E6705C
> 31.11972; -97.90167 (Elev. 1092 ft)
> 14:31:30 up 2 days, 19:23, 2 users, load average: 0.52, 0.45, 0.29
> Ubuntu 16.04.1 LTS, kernel 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27
> 16:06:39 UTC 2016
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


More information about the bind-users mailing list