hhs.gov resolvers broken, or BIND misconfigured?

Petr Spacek pspacek at redhat.com
Wed Mar 9 07:59:31 UTC 2016


On 8.3.2016 21:04, Daisuke HIGASHI wrote:
> Hi James,
> 
> ISC might not handle BIND 9.8's issue because it has been
> End of Life. You should ask Redhat for help or try latest BIND9.

Oh yes, open a support case about it.

> But that sounds like same issue described in http://pastebin.com/j84451Nz .
> Possible workaround is to run named in IPv4-only mode (e.g. named -4).
> 
> Several people in (Japanese) local community pointed out this issue and
> reported it to ISC two years ago. I don't know whether the issue
> has been fixed in latest BIND9...

I don't know either. In any case, you might try to disable IPv6 on the host to
avoid attempts to contact servers over IPv6 altogether as it might cause
various issues with other software, too.

For RHEL 6 please see
https://access.redhat.com/solutions/8709#rhel6disable

Recommended approach is to edit /etc/sysctl.conf and set following parameters:
# IPv6 support in the kernel, set to 0 by default
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

Have a nice day.

-- 
Petr Spacek  @  Red Hat


More information about the bind-workers mailing list