crontab acme.sh report error curl 6

Discussion in 'General' started by rodinux, Nov 12, 2025.

  1. rodinux

    rodinux New Member

    Since we use acme.sh to get letsencrypt certificates we have every day a message with this from the server
    I supposed it was because the server have no IPv6, so I done these steps
    • remove IPv6 from UFW editing /etc/default/ufw with IPv6=no and reload ufw service
    • edit ubind to use only IPv4, in /etc/default/named edit with OPTIONS="-4 -u bind" and also on the service /etc/systemd/system/bind9.service edit with ExecStart=/usr/sbin/named -4 -f $OPTIONS and restart the service
    • in postfix also edit /etc/postfix/main.cf with inet_protocols = ipv4 and restart the service
    • Also in the system edit /etc/sysctl.conf with
    Code:
    net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
    and do
    Code:
    sysctl -p
    The IPv6 must be now desactivated
    Code:
    cat /proc/sys/net/ipv6/conf/all/disable_ipv6
1
    But we still have the problem.
    We haven't check the page Configuration of the server in admin of ISPConfig because a problem with name of the ethernet card... (not eth0).

    I have read something also about try with the digicerts links, so
    Code:
    curl ocsp.digicert.com/ping.html
curl: (6) Could not resolve host: ocsp.digicert.com
    and
    Code:
    curl -4 ocsp.digicert.com/ping.html
0
    I suppoded I have perhaps also to edit the apache2 confs to chnage all by IPv4 ?? But the sites are configured to use * in the creation, so it's a bad idea ??

    How can I resolve this ??
    Something singular also, the server ISPConfig has a hostname with something like web1.somename.domain.tld (use for the postfix also) but the domain we use for the interface is somename.domain.tld
    How could I resolve this ? Could I replace in tha apache2 configs * by 0.0.0.0 and the Listen by Listen 0.0.0.0 ??
    Any idea to force use IPv4 only ?

    Actual report of the server
    Code:
    ##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Debian GNU/Linux 12 (bookworm)
 
[INFO] uptime:  10:51:56 up 13 days, 16:59,  6 users,  load average: 0,17, 0,20, 0,33
 
[INFO] memory:
               total       utilisé      libre     partagé tamp/cache   disponible
Mem:           7,8Gi       4,3Gi       1,6Gi       296Mi       2,4Gi       3,5Gi
Échange:       974Mi       974Mi       784Ki
 
[INFO] systemd failed services status:
  UNIT            LOAD      ACTIVE SUB    DESCRIPTION
● certbot.service not-found failed failed certbot.service

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.
1 loaded units listed.

[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.3.0p1


##### VERSION CHECK #####

[INFO] php (cli) version is 8.2.28
[INFO] php-cgi (used for cgi php in default vhost!) is version 8.2.28

##### PORT CHECK #####

[WARN] Port 21 (FTP server) seems NOT to be listening
[WARN] Port 22 (SSH server) seems NOT to be listening

##### MAIL SERVER CHECK #####


##### RUNNING SERVER PROCESSES #####

[INFO] I found the following web server(s):
    Apache 2 (PID 834809)
[INFO] I found the following mail server(s):
    Postfix (PID 457533)
[INFO] I found the following pop3 server(s):
    Dovecot (PID 460017)
[INFO] I found the following imap server(s):
    Dovecot (PID 460017)
[WARN] I could not determine which ftp server is running.

##### LISTENING PORTS #####
(seulement        ()
Adresse        (distante)
[anywhere]:10050        (784/zabbix_agentd)
[localhost]:10023        (592/postgrey)
[anywhere]:587        (457533/master)
[anywhere]:995        (460017/dovecot)
[anywhere]:993        (460017/dovecot)
[localhost]:53        (730/named)
[localhost]:53        (730/named)
[localhost]:53        (730/named)
[localhost]:53        (730/named)
[anywhere]:110        (460017/dovecot)
[localhost]:953        (730/named)
[localhost]:953        (730/named)
[localhost]:953        (730/named)
[localhost]:953        (730/named)
[anywhere]:4190        (460017/dovecot)
[anywhere]:25        (457533/master)
[localhost]:783        (748/perl)
[anywhere]:143        (460017/dovecot)
[anywhere]:465        (457533/master)
[anywhere]:7777        (776/sshd:)
***.***.***.***:53        (730/named)
***.***.***.***:53        (730/named)
***.***.***.***:53        (730/named)
***.***.***.***:53        (730/named)
[localhost]:3306        (212520/mariadbd)
[localhost]:11334        (396801/rspamd:)
[localhost]:11332        (396801/rspamd:)
[localhost]:11333        (396801/rspamd:)
[localhost]:6379        (739/redis-server)
[localhost]:11211        (729/memcached)
*:*:*:*::*:953        (730/named)
*:*:*:*::*:953        (730/named)
*:*:*:*::*:953        (730/named)
*:*:*:*::*:953        (730/named)
*:*:*:*::*:783        (748/perl)
[localhost]0050        (784/zabbix_agentd)
*:*:*:*::*:53        (730/named)
*:*:*:*::*:53        (730/named)
*:*:*:*::*:53        (730/named)
*:*:*:*::*:53        (730/named)
*:*:*:*::*:587        (457533/master)
*:*:*:*::*:10023        (592/postgrey)
*:*:*:*::*:995        (460017/dovecot)
*:*:*:*::*:993        (460017/dovecot)
[localhost]10        (460017/dovecot)
*:*:*:*::*:80        (834809/apache2)
*:*:*:*::*:4190        (460017/dovecot)
*:*:*:*::*:25        (457533/master)
*:*:*:*::*be24:11ff:fe9c:53        (730/named)
*:*:*:*::*be24:11ff:fe9c:53        (730/named)
*:*:*:*::*be24:11ff:fe9c:53        (730/named)
*:*:*:*::*be24:11ff:fe9c:53        (730/named)
[localhost]43        (460017/dovecot)
*:*:*:*::*:465        (457533/master)
*:*:*:*::*:443        (834809/apache2)
*:*:*:*::*:443        (834809/apache2)
*:*:*:*::*:7777        (776/sshd:)
*:*:*:*::*:8081        (834809/apache2)
*:*:*:*::*:8080        (834809/apache2)
*:*:*:*::*:6379        (739/redis-server)
*:*:*:*::*:11334        (396801/rspamd:)
*:*:*:*::*:11333        (396801/rspamd:)
*:*:*:*::*:11332        (396801/rspamd:)




##### IPTABLES #####
Chain INPUT (policy DROP)
target     prot opt source               destination        
f2b-dovecot  6    --  [anywhere]/0            [anywhere]/0            multiport dports 110,995,143,993,587,465,4190
f2b-postfix-sasl  6    --  [anywhere]/0            [anywhere]/0            multiport dports 25
ufw-before-logging-input  0    --  [anywhere]/0            [anywhere]/0          
ufw-before-input  0    --  [anywhere]/0            [anywhere]/0          
ufw-after-input  0    --  [anywhere]/0            [anywhere]/0          
ufw-after-logging-input  0    --  [anywhere]/0            [anywhere]/0          
ufw-reject-input  0    --  [anywhere]/0            [anywhere]/0          
ufw-track-input  0    --  [anywhere]/0            [anywhere]/0

Chain FORWARD (policy DROP)
target     prot opt source               destination        
ufw-before-logging-forward  0    --  [anywhere]/0            [anywhere]/0          
ufw-before-forward  0    --  [anywhere]/0            [anywhere]/0          
ufw-after-forward  0    --  [anywhere]/0            [anywhere]/0          
ufw-after-logging-forward  0    --  [anywhere]/0            [anywhere]/0          
ufw-reject-forward  0    --  [anywhere]/0            [anywhere]/0          
ufw-track-forward  0    --  [anywhere]/0            [anywhere]/0          

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
ufw-before-logging-output  0    --  [anywhere]/0            [anywhere]/0          
ufw-before-output  0    --  [anywhere]/0            [anywhere]/0          
ufw-after-output  0    --  [anywhere]/0            [anywhere]/0          
ufw-after-logging-output  0    --  [anywhere]/0            [anywhere]/0          
ufw-reject-output  0    --  [anywhere]/0            [anywhere]/0          
ufw-track-output  0    --  [anywhere]/0            [anywhere]/0          

Chain f2b-dovecot (1 references)
target     prot opt source               destination        
RETURN     0    --  [anywhere]/0            [anywhere]/0          

Chain f2b-postfix-sasl (1 references)
target     prot opt source               destination        
REJECT     0    --  ***.***.***.***          [anywhere]/0            reject-with icmp-port-unreachable
REJECT     0    --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
REJECT     0    --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
REJECT     0    --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
RETURN     0    --  [anywhere]/0            [anywhere]/0          

Chain ufw-after-forward (1 references)
target     prot opt source               destination        

Chain ufw-after-input (1 references)
target     prot opt source               destination        
ufw-skip-to-policy-input  17   --  [anywhere]/0            [anywhere]/0            udp dpt:137
ufw-skip-to-policy-input  17   --  [anywhere]/0            [anywhere]/0            udp dpt:138
ufw-skip-to-policy-input  6    --  [anywhere]/0            [anywhere]/0            tcp dpt:139
ufw-skip-to-policy-input  6    --  [anywhere]/0            [anywhere]/0            tcp dpt:445
ufw-skip-to-policy-input  17   --  [anywhere]/0            [anywhere]/0            udp dpt:67
ufw-skip-to-policy-input  17   --  [anywhere]/0            [anywhere]/0            udp dpt:68
ufw-skip-to-policy-input  0    --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination        
LOG        0    --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination        
LOG        0    --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination        

Chain ufw-after-output (1 references)
target     prot opt source               destination        

Chain ufw-before-forward (1 references)
target     prot opt source               destination        
ACCEPT     0    --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
ACCEPT     1    --  [anywhere]/0            [anywhere]/0            icmptype 3
ACCEPT     1    --  [anywhere]/0            [anywhere]/0            icmptype 11
ACCEPT     1    --  [anywhere]/0            [anywhere]/0            icmptype 12
ACCEPT     1    --  [anywhere]/0            [anywhere]/0            icmptype 8
ufw-user-forward  0    --  [anywhere]/0            [anywhere]/0          

Chain ufw-before-input (1 references)
target     prot opt source               destination        
ACCEPT     0    --  [anywhere]/0            [anywhere]/0          
ACCEPT     0    --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
ufw-logging-deny  0    --  [anywhere]/0            [anywhere]/0            ctstate INVALID
DROP       0    --  [anywhere]/0            [anywhere]/0            ctstate INVALID
ACCEPT     1    --  [anywhere]/0            [anywhere]/0            icmptype 3
ACCEPT     1    --  [anywhere]/0            [anywhere]/0            icmptype 11
ACCEPT     1    --  [anywhere]/0            [anywhere]/0            icmptype 12
ACCEPT     1    --  [anywhere]/0            [anywhere]/0            icmptype 8
ACCEPT     17   --  [anywhere]/0            [anywhere]/0            udp spt:67 dpt:68
ufw-not-local  0    --  [anywhere]/0            [anywhere]/0          
ACCEPT     17   --  [anywhere]/0            ***.***.***.***          udp dpt:5353
ACCEPT     17   --  [anywhere]/0            ***.***.***.***      udp dpt:1900
ufw-user-input  0    --  [anywhere]/0            [anywhere]/0          

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination        

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination        

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination        

Chain ufw-before-output (1 references)
target     prot opt source               destination        
ACCEPT     0    --  [anywhere]/0            [anywhere]/0          
ACCEPT     0    --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
ufw-user-output  0    --  [anywhere]/0            [anywhere]/0          

Chain ufw-logging-allow (0 references)
target     prot opt source               destination        
LOG        0    --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination        
RETURN     0    --  [anywhere]/0            [anywhere]/0            ctstate INVALID limit: avg 3/min burst 10
LOG        0    --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination        
RETURN     0    --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type LOCAL
RETURN     0    --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type MULTICAST
RETURN     0    --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  0    --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10
DROP       0    --  [anywhere]/0            [anywhere]/0          

Chain ufw-reject-forward (1 references)
target     prot opt source               destination        

Chain ufw-reject-input (1 references)
target     prot opt source               destination        

Chain ufw-reject-output (1 references)
target     prot opt source               destination        

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination        
DROP       0    --  [anywhere]/0            [anywhere]/0          

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination        
DROP       0    --  [anywhere]/0            [anywhere]/0          

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination        
ACCEPT     0    --  [anywhere]/0            [anywhere]/0          

Chain ufw-track-forward (1 references)
target     prot opt source               destination        

Chain ufw-track-input (1 references)
target     prot opt source               destination        

Chain ufw-track-output (1 references)
target     prot opt source               destination        
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            ctstate NEW
ACCEPT     17   --  [anywhere]/0            [anywhere]/0            ctstate NEW

Chain ufw-user-forward (1 references)
target     prot opt source               destination        

Chain ufw-user-input (1 references)
target     prot opt source               destination        
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:21
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:22
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:25
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:53
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:80
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:110
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:143
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:443
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:465
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:587
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:993
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:995
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:3306
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:4190
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:8081
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            multiport dports 40110:40210
ACCEPT     17   --  [anywhere]/0            [anywhere]/0            udp dpt:53
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:7777
ACCEPT     17   --  [anywhere]/0            [anywhere]/0            udp dpt:7777
ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:10050
ACCEPT     17   --  [anywhere]/0            [anywhere]/0            udp dpt:10050

Chain ufw-user-limit (0 references)
target     prot opt source               destination        
LOG        0    --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
REJECT     0    --  [anywhere]/0            [anywhere]/0            reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination        
ACCEPT     0    --  [anywhere]/0            [anywhere]/0          

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination        

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination        

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination        

Chain ufw-user-output (1 references)
target     prot opt source               destination        

##### LET'S ENCRYPT #####
acme.sh is installed in /root/.acme.sh/acme.sh
[WARN] You have /etc/letsencrypt/live in place, although only acme.sh is installed. This might indicate a problem.
     
    rodinux, Nov 12, 2025
    #1
  2. rodinux

    rodinux New Member

    Ok, I am wrong because, I don't know why, sometime the command for the digicerts works as wanted ??
    Code:
    curl ocsp.digicert.com/ping.html
0
     
    rodinux, Nov 12, 2025
    #2
  3. remkoh

    remkoh Active Member HowtoForge Supporter

    You're all over the place.
    Everything you say about LE and curl tests all comes down to resolver issues.
    It has nothing to do with LE or your webserver config.
    And disabling ipv6 should not be necessary. Without an ipv6 gateway all your internettraffic will be ipv4.
    Solve your resolver issues and all should work as it is supposed to.
     
    remkoh, Nov 12, 2025
    #3
    ahrasis likes this.
  4. rodinux

    rodinux New Member

    So, we do not have IPv6 available on this server, we only have IPv4. Also we haven't activated the DNS server on this ISPConfig.

    I could see always the errors like this:
    Code:
    systemctl status bind9.service
● named.service - BIND Domain Name Server
     Loaded: loaded (/lib/systemd/system/named.service; enabled; preset: enabled)
     Active: active (running) since Fri 2025-10-24 22:26:37 CEST; 2 weeks 6 days ago
       Docs: man:named(8)
   Main PID: 891 (named)
     Status: "running"
      Tasks: 14 (limit: 9483)
     Memory: 66.1M
        CPU: 14min 55.873s
     CGroup: /system.slice/named.service
             └─891 /usr/sbin/named -f -u bind

nov. 14 12:25:38 web1 named[891]: address not available resolving 'ns1.websupport.sk/AAAA/IN': 2001:678:90::1#53
nov. 14 12:25:38 web1 named[891]: address not available resolving 'ns2.websupport.sk/A/IN': 2a04:2b00:13ff::16#53
nov. 14 12:25:38 web1 named[891]: address not available resolving 'ns2.websupport.sk/AAAA/IN': 2a04:2b00:13ff::16#53
nov. 14 12:25:38 web1 named[891]: address not available resolving 'ns3.websupport.sk/A/IN': 2a04:2b00:13ff::16#53
nov. 14 12:25:38 web1 named[891]: address not available resolving 'ns3.websupport.sk/AAAA/IN': 2001:678:70::1#53
nov. 14 12:25:38 web1 named[891]: address not available resolving 'ns2.websupport.sk/A/IN': 2001:678:70::1#53
nov. 14 12:25:38 web1 named[891]: address not available resolving 'ns2.websupport.sk/AAAA/IN': 2001:678:70::1#53
nov. 14 12:25:38 web1 named[891]: address not available resolving 'ns3.websupport.sk/A/IN': 2001:678:70::1#53
nov. 14 12:25:39 web1 named[891]: success resolving 'mjt.lu.multi.uribl.com/A' after disabling qname minimization due to 'ncache nxdomain'
nov. 14 12:25:48 web1 named[891]: address not available resolving 'www.aldsm.fr/AAAA/IN': 2001:41d0:d00:f500::2#53

grep named /var/log/syslog
.....
2025-11-14T12:25:39.271922+01:00 web1 named[891]: success resolving 'mjt.lu.multi.uribl.com/A' after disabling qname minimization due to 'ncache nxdomain'
2025-11-14T12:25:48.387939+01:00 web1 named[891]: address not available resolving 'www.aldsm.fr/AAAA/IN': 2001:41d0:d00:f500::2#53
2025-11-14T12:29:55.369963+01:00 web1 named[891]: address not available resolving 'inscription.bioprog.com/AAAA/IN': 2001:41d0:d00:fa00::2#53
2025-11-14T12:30:00.597582+01:00 web1 named[891]: address not available resolving 'ns1.websupport.cz/A/IN': 2a10:bbc0::13#53
2025-11-14T12:30:00.597924+01:00 web1 named[891]: address not available resolving 'ns2.websupport.cz/A/IN': 2a10:bbc0::13#53
2025-11-14T12:30:00.598079+01:00 web1 named[891]: address not available resolving 'ns2.websupport.cz/AAAA/IN': 2a10:bbc0::13#53
2025-11-14T12:30:00.598242+01:00 web1 named[891]: address not available resolving 'ns1.websupport.cz/A/IN': 2a02:250:3::12#53
2025-11-14T12:30:00.598367+01:00 web1 named[891]: address not available resolving 'ns3.websupport.eu/A/IN': 2a02:250:3::12#53
2025-11-14T12:30:00.598500+01:00 web1 named[891]: address not available resolving 'ns1.websupport.cz/AAAA/IN': 2a02:250:3::12#53
2025-11-14T12:30:00.598633+01:00 web1 named[891]: address not available resolving 'ns1.websupport.cz/A/IN': 2a10:bbc0::11#53
2025-11-14T12:30:00.598753+01:00 web1 named[891]: address not available resolving 'ns2.websupport.cz/A/IN': 2a02:250:3::12#53
2025-11-14T12:30:00.598856+01:00 web1 named[891]: address not available resolving 'ns1.websupport.cz/AAAA/IN': 2a10:bbc0::11#53
2025-11-14T12:30:00.599039+01:00 web1 named[891]: address not available resolving 'ns2.websupport.cz/AAAA/IN': 2a02:250:3::12#53
2025-11-14T12:30:00.599190+01:00 web1 named[891]: address not available resolving 'ns3.websupport.eu/A/IN': 2a10:bbc0::11#53
2025-11-14T12:30:00.599319+01:00 web1 named[891]: address not available resolving 'ns1.websupport.cz/AAAA/IN': 2a10:bbc0::13#53
2025-11-14T12:30:00.599447+01:00 web1 named[891]: address not available resolving 'ns3.websupport.eu/AAAA/IN': 2a10:bbc0::11#53
2025-11-14T12:30:00.599608+01:00 web1 named[891]: address not available resolving 'ns2.websupport.cz/A/IN': 2a10:bbc0::11#53
2025-11-14T12:30:00.599726+01:00 web1 named[891]: address not available resolving 'ns2.websupport.cz/AAAA/IN': 2a10:bbc0::11#53
2025-11-14T12:30:00.831460+01:00 web1 named[891]: address not available resolving '127.bip.virusfree.cz/NS/IN': 2001:67c:15a0:4000:1:ea7:dead:beef#53
2025-11-14T12:30:00.831926+01:00 web1 named[891]: address not available resolving '127.bip.virusfree.cz/NS/IN': 2001:67c:1591:0:1:ea7:dead:beef#53
2025-11-14T12:30:00.832070+01:00 web1 named[891]: address not available resolving '1.0.0.127.bip.virusfree.cz/A/IN': 2001:67c:1591:0:1:ea7:dead:beef#53
2025-11-14T12:30:00.832205+01:00 web1 named[891]: address not available resolving '1.0.0.127.bip.virusfree.cz/A/IN': 2001:67c:15a0:4000:1:ea7:dead:beef#53
2025-11-14T12:33:09.073809+01:00 web1 named[891]: address not available resolving '1.0.0.127.zen.spamhaus.org/A/IN': 2001:19f0:6c01:1c92::1#53
2025-11-14T12:35:28.002733+01:00 web1 named[891]: address not available resolving 'sa-update.surbl.org/AAAA/IN': 2a01:4f9:6b:1c86::2#53
2025-11-14T12:35:28.003332+01:00 web1 named[891]: address not available resolving 'sa-update.surbl.org/AAAA/IN': 2a01:4f8:2200:4291::2#53
2025-11-14T12:35:28.003518+01:00 web1 named[891]: address not available resolving 'sa-update.surbl.org/AAAA/IN': 2a01:4f8:2200:4290::2#53
2025-11-14T12:35:28.003659+01:00 web1 named[891]: address not available resolving 'sa-update.surbl.org/AAAA/IN': 2a01:4f8:261:2a8a::2#5
    our `/etc/network/interfaces`
    Code:
    cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#allow-hotplug ens18
#iface ens18 inet dhcp
auto ens18
iface ens18 inet static
        address XXX.XX.XX.XX
        netmask 255.255.255.0
        gateway XXX.XX.XX.1
    dns-nameservers 86.54.11.100 86.54.11.200
    we wanted use theses resolvers dns from DNS4all

    about the net card
    Code:
    nmcli device show
GENERAL.DEVICE:                         lo
GENERAL.TYPE:                           loopback
GENERAL.HWADDR:                         00:00:00:00:00:00
GENERAL.MTU:                            65536
GENERAL.STATE:                          100 (connecté (en externe))
GENERAL.CONNECTION:                     lo
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/1
IP4.ADDRESS[1]:                         127.0.0.1/8
IP4.GATEWAY:                            --
IP6.GATEWAY:                            --

GENERAL.DEVICE:                         ens18
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         BC:24:11:9C:70:A7
GENERAL.MTU:                            1500
GENERAL.STATE:                          10 (non-géré)
GENERAL.CONNECTION:                     --
GENERAL.CON-PATH:                       --
WIRED-PROPERTIES.CARRIER:               marche
IP4.ADDRESS[1]:                         XXX.XX.XX.XX/24
IP4.GATEWAY:                            XXX.XX.XX.1
IP4.ROUTE[1]:                           dst = XXX.XX.XX.0/24, nh = 0.0.0.0, mt = 0
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = XXX.XX.XX.1, mt = 0
IP6.GATEWAY:                            --

ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether bc:24:11:9c:70:a7 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    inet XXX.XX.XX.XX/24 brd XXX.XX.XX.255 scope global ens18
       valid_lft forever preferred_lft forever
    about resolvconf
    Code:
    resolvconf --list
# resolv.conf from ens18.inet
nameserver 86.54.11.100
nameserver 86.54.11.200

resolvconf -i
ens18.inet
     
    rodinux, Nov 14, 2025
    #4
  5. pyte

    pyte Well-Known Member HowtoForge Supporter

    Are you sure your bind service is running with the "-4" flag?

    This does not seem like it does.
     
    pyte, Nov 14, 2025
    #5
  6. remkoh

    remkoh Active Member HowtoForge Supporter

    Your bind server not being able to resolve things has nothing to do with your resolver issues with LE and curl!!
    You are not using your bind server for resolving but DNS4all servers!
    It are two totally separate problems.

    Fix why DNS4all servers aren't working as resolvers for you first.
    That'll fix LE and curl.

    After that you can look into bind.
     
    remkoh, Nov 14, 2025
    #6
  7. rodinux

    rodinux New Member

    Ok, I don't really found how to inspect...
     
    rodinux, Nov 14, 2025
    #7
  8. rodinux

    rodinux New Member

    well I have try restart bind9 service

    Code:
    2025-11-14T19:01:13.945202+01:00 web1 systemd[1]: Stopping named.service - BIND Domain Name Server...
2025-11-14T19:01:14.054702+01:00 web1 named[891]: received control channel command 'stop'
2025-11-14T19:01:14.107313+01:00 web1 named[891]: no longer listening on 127.0.0.1#53
2025-11-14T19:01:14.108619+01:00 web1 named[891]: no longer listening on XXX.XX.XX.XX#53
2025-11-14T19:01:14.109115+01:00 web1 named[891]: shutting down: flushing changes
2025-11-14T19:01:14.109267+01:00 web1 named[891]: stopping command channel on 127.0.0.1#953
2025-11-14T19:01:14.109407+01:00 web1 named[891]: stopping command channel on ::1#953
2025-11-14T19:01:21.776801+01:00 web1 named[891]: exiting
2025-11-14T19:01:22.180219+01:00 web1 systemd[1]: named.service: Deactivated successfully.
2025-11-14T19:01:22.181461+01:00 web1 systemd[1]: Stopped named.service - BIND Domain Name Server.
2025-11-14T19:01:22.181673+01:00 web1 systemd[1]: named.service: Consumed 15min 5.394s CPU time.
2025-11-14T19:01:22.208885+01:00 web1 systemd[1]: Starting named.service - BIND Domain Name Server...
2025-11-14T19:01:22.258065+01:00 web1 named[511459]: starting BIND 9.18.41-1~deb12u1-Debian (Extended Support Version) <id:>
2025-11-14T19:01:22.258383+01:00 web1 named[511459]: running on Linux x86_64 6.1.0-40-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.153-1 (2025-09-20)
2025-11-14T19:01:22.258607+01:00 web1 named[511459]: built with  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/reproducible-path/bind9-9.18.41=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
2025-11-14T19:01:22.258897+01:00 web1 named[511459]: running as: named -4 -f -4 -u bind
2025-11-14T19:01:22.259272+01:00 web1 named[511459]: compiled by GCC 12.2.0
2025-11-14T19:01:22.259491+01:00 web1 named[511459]: compiled with OpenSSL version: OpenSSL 3.0.17 1 Jul 2025
2025-11-14T19:01:22.259727+01:00 web1 named[511459]: linked to OpenSSL version: OpenSSL 3.0.17 1 Jul 2025
2025-11-14T19:01:22.259936+01:00 web1 named[511459]: compiled with libuv version: 1.44.2
2025-11-14T19:01:22.260174+01:00 web1 named[511459]: linked to libuv version: 1.44.2
2025-11-14T19:01:22.260382+01:00 web1 named[511459]: compiled with libxml2 version: 2.9.14
2025-11-14T19:01:22.260609+01:00 web1 named[511459]: linked to libxml2 version: 20914
2025-11-14T19:01:22.260743+01:00 web1 named[511459]: compiled with json-c version: 0.16
2025-11-14T19:01:22.260863+01:00 web1 named[511459]: linked to json-c version: 0.16
2025-11-14T19:01:22.261006+01:00 web1 named[511459]: compiled with zlib version: 1.2.13
2025-11-14T19:01:22.261152+01:00 web1 named[511459]: linked to zlib version: 1.2.13
2025-11-14T19:01:22.261318+01:00 web1 named[511459]: ----------------------------------------------------
2025-11-14T19:01:22.261457+01:00 web1 named[511459]: BIND 9 is maintained by Internet Systems Consortium,
2025-11-14T19:01:22.261584+01:00 web1 named[511459]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
2025-11-14T19:01:22.261736+01:00 web1 named[511459]: corporation.  Support and training for BIND 9 are
2025-11-14T19:01:22.261897+01:00 web1 named[511459]: available at https://www.isc.org/support
2025-11-14T19:01:22.262047+01:00 web1 named[511459]: ----------------------------------------------------
2025-11-14T19:01:22.262241+01:00 web1 named[511459]: adjusted limit on open files from 524288 to 1048576
2025-11-14T19:01:22.262376+01:00 web1 named[511459]: found 4 CPUs, using 4 worker threads
2025-11-14T19:01:22.262517+01:00 web1 named[511459]: using 4 UDP listeners per interface
2025-11-14T19:01:22.309420+01:00 web1 named[511459]: DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
2025-11-14T19:01:22.309675+01:00 web1 named[511459]: DS algorithms: SHA-1 SHA-256 SHA-384
2025-11-14T19:01:22.309845+01:00 web1 named[511459]: HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
2025-11-14T19:01:22.310021+01:00 web1 named[511459]: TKEY mode 2 support (Diffie-Hellman): yes
2025-11-14T19:01:22.310234+01:00 web1 named[511459]: TKEY mode 3 support (GSS-API): yes
2025-11-14T19:01:22.313632+01:00 web1 named[511459]: the initial working directory is '/'
2025-11-14T19:01:22.313827+01:00 web1 named[511459]: loading configuration from '/etc/bind/named.conf'
2025-11-14T19:01:22.314002+01:00 web1 named[511459]: the working directory is now '/var/cache/bind'
2025-11-14T19:01:22.314515+01:00 web1 named[511459]: reading built-in trust anchors from file '/etc/bind/bind.keys'
2025-11-14T19:01:22.325720+01:00 web1 named[511459]: looking for GeoIP2 databases in '/usr/share/GeoIP'
2025-11-14T19:01:22.326211+01:00 web1 named[511459]: using default UDP/IPv4 port range: [32768, 60999]
2025-11-14T19:01:22.327781+01:00 web1 named[511459]: listening on IPv4 interface lo, 127.0.0.1#53
2025-11-14T19:01:22.330934+01:00 web1 named[511459]: listening on IPv4 interface ens18, XXX.XX.XX.XX#53
2025-11-14T19:01:22.332617+01:00 web1 named[511459]: generating session key for dynamic DNS
2025-11-14T19:01:22.333698+01:00 web1 named[511459]: sizing zone task pool based on 7 zones
2025-11-14T19:01:22.356873+01:00 web1 named[511459]: none:100: 'max-cache-size 90%' - setting to 7146MB (out of 7940MB)
2025-11-14T19:01:22.371013+01:00 web1 named[511459]: obtaining root key for view _default from '/etc/bind/bind.keys'
2025-11-14T19:01:22.371217+01:00 web1 named[511459]: set up managed keys zone for view _default, file 'managed-keys.bind'
2025-11-14T19:01:22.371361+01:00 web1 named[511459]: automatic empty zone: 10.IN-ADDR.ARPA
2025-11-14T19:01:22.371498+01:00 web1 named[511459]: automatic empty zone: 16.172.IN-ADDR.ARPA
2025-11-14T19:01:22.371632+01:00 web1 named[511459]: automatic empty zone: 17.172.IN-ADDR.ARPA
2025-11-14T19:01:22.371757+01:00 web1 named[511459]: automatic empty zone: 18.172.IN-ADDR.ARPA
2025-11-14T19:01:22.371882+01:00 web1 named[511459]: automatic empty zone: 19.172.IN-ADDR.ARPA
2025-11-14T19:01:22.372050+01:00 web1 named[511459]: automatic empty zone: 20.172.IN-ADDR.ARPA
2025-11-14T19:01:22.372197+01:00 web1 named[511459]: automatic empty zone: 21.172.IN-ADDR.ARPA
2025-11-14T19:01:22.372340+01:00 web1 named[511459]: automatic empty zone: 22.172.IN-ADDR.ARPA
2025-11-14T19:01:22.372472+01:00 web1 named[511459]: automatic empty zone: 23.172.IN-ADDR.ARPA
2025-11-14T19:01:22.372589+01:00 web1 named[511459]: automatic empty zone: 24.172.IN-ADDR.ARPA
2025-11-14T19:01:22.372720+01:00 web1 named[511459]: automatic empty zone: 25.172.IN-ADDR.ARPA
2025-11-14T19:01:22.372842+01:00 web1 named[511459]: automatic empty zone: 26.172.IN-ADDR.ARPA
2025-11-14T19:01:22.372989+01:00 web1 named[511459]: automatic empty zone: 27.172.IN-ADDR.ARPA
2025-11-14T19:01:22.373148+01:00 web1 named[511459]: automatic empty zone: 28.172.IN-ADDR.ARPA
2025-11-14T19:01:22.373291+01:00 web1 named[511459]: automatic empty zone: 29.172.IN-ADDR.ARPA
2025-11-14T19:01:22.373419+01:00 web1 named[511459]: automatic empty zone: 30.172.IN-ADDR.ARPA
2025-11-14T19:01:22.373548+01:00 web1 named[511459]: automatic empty zone: 31.172.IN-ADDR.ARPA
2025-11-14T19:01:22.373678+01:00 web1 named[511459]: automatic empty zone: 168.192.IN-ADDR.ARPA
2025-11-14T19:01:22.373810+01:00 web1 named[511459]: automatic empty zone: 64.100.IN-ADDR.ARPA
2025-11-14T19:01:22.373926+01:00 web1 named[511459]: automatic empty zone: 65.100.IN-ADDR.ARPA
2025-11-14T19:01:22.374084+01:00 web1 named[511459]: automatic empty zone: 66.100.IN-ADDR.ARPA
2025-11-14T19:01:22.374227+01:00 web1 named[511459]: automatic empty zone: 67.100.IN-ADDR.ARPA
2025-11-14T19:01:22.374351+01:00 web1 named[511459]: automatic empty zone: 68.100.IN-ADDR.ARPA
2025-11-14T19:01:22.374475+01:00 web1 named[511459]: automatic empty zone: 69.100.IN-ADDR.ARPA
2025-11-14T19:01:22.374604+01:00 web1 named[511459]: automatic empty zone: 70.100.IN-ADDR.ARPA
2025-11-14T19:01:22.374727+01:00 web1 named[511459]: automatic empty zone: 71.100.IN-ADDR.ARPA
2025-11-14T19:01:22.374855+01:00 web1 named[511459]: automatic empty zone: 72.100.IN-ADDR.ARPA
2025-11-14T19:01:22.375047+01:00 web1 named[511459]: automatic empty zone: 73.100.IN-ADDR.ARPA
2025-11-14T19:01:22.375195+01:00 web1 named[511459]: automatic empty zone: 74.100.IN-ADDR.ARPA
2025-11-14T19:01:22.375323+01:00 web1 named[511459]: automatic empty zone: 75.100.IN-ADDR.ARPA
2025-11-14T19:01:22.375440+01:00 web1 named[511459]: automatic empty zone: 76.100.IN-ADDR.ARPA
2025-11-14T19:01:22.375573+01:00 web1 named[511459]: automatic empty zone: 77.100.IN-ADDR.ARPA
2025-11-14T19:01:22.375688+01:00 web1 named[511459]: automatic empty zone: 78.100.IN-ADDR.ARPA
2025-11-14T19:01:22.375812+01:00 web1 named[511459]: automatic empty zone: 79.100.IN-ADDR.ARPA
2025-11-14T19:01:22.375927+01:00 web1 named[511459]: automatic empty zone: 80.100.IN-ADDR.ARPA
2025-11-14T19:01:22.376104+01:00 web1 named[511459]: automatic empty zone: 81.100.IN-ADDR.ARPA
2025-11-14T19:01:22.376227+01:00 web1 named[511459]: automatic empty zone: 82.100.IN-ADDR.ARPA
2025-11-14T19:01:22.376365+01:00 web1 named[511459]: automatic empty zone: 83.100.IN-ADDR.ARPA
2025-11-14T19:01:22.376504+01:00 web1 named[511459]: automatic empty zone: 84.100.IN-ADDR.ARPA
2025-11-14T19:01:22.376619+01:00 web1 named[511459]: automatic empty zone: 85.100.IN-ADDR.ARPA
2025-11-14T19:01:22.376747+01:00 web1 named[511459]: automatic empty zone: 86.100.IN-ADDR.ARPA
2025-11-14T19:01:22.376883+01:00 web1 named[511459]: automatic empty zone: 87.100.IN-ADDR.ARPA
2025-11-14T19:01:22.377051+01:00 web1 named[511459]: automatic empty zone: 88.100.IN-ADDR.ARPA
2025-11-14T19:01:22.377183+01:00 web1 named[511459]: automatic empty zone: 89.100.IN-ADDR.ARPA
2025-11-14T19:01:22.377336+01:00 web1 named[511459]: automatic empty zone: 90.100.IN-ADDR.ARPA
2025-11-14T19:01:22.377609+01:00 web1 named[511459]: automatic empty zone: 91.100.IN-ADDR.ARPA
2025-11-14T19:01:22.377745+01:00 web1 named[511459]: automatic empty zone: 92.100.IN-ADDR.ARPA
2025-11-14T19:01:22.377891+01:00 web1 named[511459]: automatic empty zone: 93.100.IN-ADDR.ARPA
2025-11-14T19:01:22.378054+01:00 web1 named[511459]: automatic empty zone: 94.100.IN-ADDR.ARPA
2025-11-14T19:01:22.378189+01:00 web1 named[511459]: automatic empty zone: 95.100.IN-ADDR.ARPA
2025-11-14T19:01:22.378319+01:00 web1 named[511459]: automatic empty zone: 96.100.IN-ADDR.ARPA
2025-11-14T19:01:22.378443+01:00 web1 named[511459]: automatic empty zone: 97.100.IN-ADDR.ARPA
2025-11-14T19:01:22.378567+01:00 web1 named[511459]: automatic empty zone: 98.100.IN-ADDR.ARPA
2025-11-14T19:01:22.378685+01:00 web1 named[511459]: automatic empty zone: 99.100.IN-ADDR.ARPA
2025-11-14T19:01:22.378796+01:00 web1 named[511459]: automatic empty zone: 100.100.IN-ADDR.ARPA
2025-11-14T19:01:22.378920+01:00 web1 named[511459]: automatic empty zone: 101.100.IN-ADDR.ARPA
2025-11-14T19:01:22.379139+01:00 web1 named[511459]: automatic empty zone: 102.100.IN-ADDR.ARPA
2025-11-14T19:01:22.379292+01:00 web1 named[511459]: automatic empty zone: 103.100.IN-ADDR.ARPA
2025-11-14T19:01:22.379416+01:00 web1 named[511459]: automatic empty zone: 104.100.IN-ADDR.ARPA
2025-11-14T19:01:22.379568+01:00 web1 named[511459]: automatic empty zone: 105.100.IN-ADDR.ARPA
2025-11-14T19:01:22.379721+01:00 web1 named[511459]: automatic empty zone: 106.100.IN-ADDR.ARPA
2025-11-14T19:01:22.379853+01:00 web1 named[511459]: automatic empty zone: 107.100.IN-ADDR.ARPA
2025-11-14T19:01:22.379993+01:00 web1 named[511459]: automatic empty zone: 108.100.IN-ADDR.ARPA
2025-11-14T19:01:22.380153+01:00 web1 named[511459]: automatic empty zone: 109.100.IN-ADDR.ARPA
2025-11-14T19:01:22.380273+01:00 web1 named[511459]: automatic empty zone: 110.100.IN-ADDR.ARPA
2025-11-14T19:01:22.380404+01:00 web1 named[511459]: automatic empty zone: 111.100.IN-ADDR.ARPA
2025-11-14T19:01:22.380527+01:00 web1 named[511459]: automatic empty zone: 112.100.IN-ADDR.ARPA
2025-11-14T19:01:22.380658+01:00 web1 named[511459]: automatic empty zone: 113.100.IN-ADDR.ARPA
2025-11-14T19:01:22.380784+01:00 web1 named[511459]: automatic empty zone: 114.100.IN-ADDR.ARPA
2025-11-14T19:01:22.380914+01:00 web1 named[511459]: automatic empty zone: 115.100.IN-ADDR.ARPA
2025-11-14T19:01:22.381077+01:00 web1 named[511459]: automatic empty zone: 116.100.IN-ADDR.ARPA
2025-11-14T19:01:22.381221+01:00 web1 named[511459]: automatic empty zone: 117.100.IN-ADDR.ARPA
2025-11-14T19:01:22.381338+01:00 web1 named[511459]: automatic empty zone: 118.100.IN-ADDR.ARPA
2025-11-14T19:01:22.381460+01:00 web1 named[511459]: automatic empty zone: 119.100.IN-ADDR.ARPA
2025-11-14T19:01:22.381582+01:00 web1 named[511459]: automatic empty zone: 120.100.IN-ADDR.ARPA
2025-11-14T19:01:22.381703+01:00 web1 named[511459]: automatic empty zone: 121.100.IN-ADDR.ARPA
2025-11-14T19:01:22.381876+01:00 web1 named[511459]: automatic empty zone: 122.100.IN-ADDR.ARPA
2025-11-14T19:01:22.382033+01:00 web1 named[511459]: automatic empty zone: 123.100.IN-ADDR.ARPA
2025-11-14T19:01:22.382152+01:00 web1 named[511459]: automatic empty zone: 124.100.IN-ADDR.ARPA
2025-11-14T19:01:22.382277+01:00 web1 named[511459]: automatic empty zone: 125.100.IN-ADDR.ARPA
2025-11-14T19:01:22.382412+01:00 web1 named[511459]: automatic empty zone: 126.100.IN-ADDR.ARPA
2025-11-14T19:01:22.382526+01:00 web1 named[511459]: automatic empty zone: 127.100.IN-ADDR.ARPA
2025-11-14T19:01:22.382649+01:00 web1 named[511459]: automatic empty zone: 254.169.IN-ADDR.ARPA
2025-11-14T19:01:22.382779+01:00 web1 named[511459]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
2025-11-14T19:01:22.382900+01:00 web1 named[511459]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
2025-11-14T19:01:22.383123+01:00 web1 named[511459]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
2025-11-14T19:01:22.383278+01:00 web1 named[511459]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
2025-11-14T19:01:22.383403+01:00 web1 named[511459]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
2025-11-14T19:01:22.383529+01:00 web1 named[511459]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
2025-11-14T19:01:22.383647+01:00 web1 named[511459]: automatic empty zone: D.F.IP6.ARPA
2025-11-14T19:01:22.383769+01:00 web1 named[511459]: automatic empty zone: 8.E.F.IP6.ARPA
2025-11-14T19:01:22.383899+01:00 web1 named[511459]: automatic empty zone: 9.E.F.IP6.ARPA
2025-11-14T19:01:22.384074+01:00 web1 named[511459]: automatic empty zone: A.E.F.IP6.ARPA
2025-11-14T19:01:22.384207+01:00 web1 named[511459]: automatic empty zone: B.E.F.IP6.ARPA
2025-11-14T19:01:22.384337+01:00 web1 named[511459]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
2025-11-14T19:01:22.384480+01:00 web1 named[511459]: automatic empty zone: EMPTY.AS112.ARPA
2025-11-14T19:01:22.384604+01:00 web1 named[511459]: automatic empty zone: HOME.ARPA
2025-11-14T19:01:22.384743+01:00 web1 named[511459]: automatic empty zone: RESOLVER.ARPA
2025-11-14T19:01:22.388307+01:00 web1 named[511459]: configuring command channel from '/etc/bind/rndc.key'
2025-11-14T19:01:22.388922+01:00 web1 named[511459]: command channel listening on 127.0.0.1#953
2025-11-14T19:01:22.390101+01:00 web1 named[511459]: managed-keys-zone: loaded serial 1280
2025-11-14T19:01:22.392905+01:00 web1 named[511459]: zone 0.in-addr.arpa/IN: loaded serial 1
2025-11-14T19:01:22.407637+01:00 web1 named[511459]: zone domain-old1.tld/IN: domain-old1.tld.domain-old1.tld/NS 'console.numericoop.fr.domain-old1.tld' has no address records (A or AAAA)
2025-11-14T19:01:22.407860+01:00 web1 named[511459]: zone domain-old1.tld/IN: loaded serial 2025100601
2025-11-14T19:01:22.415432+01:00 web1 named[511459]: zone 255.in-addr.arpa/IN: loaded serial 1
2025-11-14T19:01:22.415663+01:00 web1 named[511459]: zone localhost/IN: loaded serial 2
2025-11-14T19:01:22.417340+01:00 web1 named[511459]: zone domain-old.tld/IN: domain-old.tld.domain-old.tld/NS 'console.numericoop.fr.domain-old.tld' has no address records (A or AAAA)
2025-11-14T19:01:22.417506+01:00 web1 named[511459]: zone domain-old.tld/IN: loaded serial 2023040503
2025-11-14T19:01:22.418646+01:00 web1 named[511459]: zone domain-old.tld/IN: sending notifies (serial 2023040503)
2025-11-14T19:01:22.423577+01:00 web1 named[511459]: zone 127.in-addr.arpa/IN: loaded serial 1
2025-11-14T19:01:22.425181+01:00 web1 named[511459]: all zones loaded
2025-11-14T19:01:22.426591+01:00 web1 named[511459]: running
2025-11-14T19:01:22.426913+01:00 web1 named[511459]: zone domain-old1.tld/IN: sending notifies (serial 2025100601)
2025-11-14T19:01:22.427225+01:00 web1 systemd[1]: Started named.service - BIND Domain Name Server.
2025-11-14T19:01:22.450188+01:00 web1 named[511459]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
2025-11-14T19:01:22.450399+01:00 web1 named[511459]: managed-keys-zone: Key 38696 for zone . is now trusted (acceptance timer complete)
2025-11-14T19:01:52.521374+01:00 web1 named[511459]: broken trust chain resolving '137.79.in-addr.arpa/NS/IN': 199.253.249.53#53
2025-11-14T19:04:26.576515+01:00 web1 named[511459]: success resolving '44.128.85.209.asn.rspamd.com/TXT' after disabling qname minimization due to 'ncache nxdomain'
2025-11-14T19:04:26.628448+01:00 web1 named[511459]: success resolving '44.128.85.209.rep.mailspike.net/A' after disabling qname minimization due to 'ncache nxdomain'
2025-11-14T19:04:26.794066+01:00 web1 named[511459]: success resolving '44.128.85.209.list.dnswl.org/A' after disabling qname minimization due to 'ncache nxdomain'
2025-11-14T19:04:27.043287+01:00 web1 named[511459]: success resolving 'gmail.com.dwl.dnswl.org/A' after disabling qname minimization due to 'ncache nxdomain'
2025-11-14T19:04:27.173673+01:00 web1 named[511459]: success resolving '0.68.65.81.zen.spamhaus.org/A' after disabling qname minimization due to 'ncache nxdomain'
    Ok, so I have a question... I think we have long tile ago try activate dns server and then desactivate it. There was a try with here the domain-old.tld and domain-old2.tld to edit the zone dns, but it is ,ow desactivated... It should be wrong somewhere ?? there some files in /etc/bind with pri.domain-old.tld and pri.domain-old2.tld
     
    rodinux, Nov 14, 2025
    #8
  9. rodinux

    rodinux New Member

    I understand there is two issues, one related to the IPv6 and the other is about the resolver dns...
     
    rodinux, Nov 14, 2025
    #9
  10. rodinux

    rodinux New Member

    Also I have rollback the file /etc/default/named with only OPTIONS="-u bind" and keep just in the service /etc/systemd/system/bind9.service with ExecStart=/usr/sbin/named -4 -f $OPTIONS and restart the service. so the command will be named -4 -f -u bind
     
    rodinux, Nov 14, 2025
    #10
  11. rodinux

    rodinux New Member

    Is it not enough significant this ?
    Code:
    resolvconf --list
# resolv.conf from ens18.inet
nameserver 86.54.11.100
nameserver 86.54.11.200
     
    rodinux, Nov 14, 2025
    #11

Share This Page