BIND - ipv6

Discussion in 'Installation/Configuration' started by stef157, Sep 24, 2015.

  1. stef157

    stef157 Member

    Hi,
    Bind doesn't listen on udp 53 but the problem is only visible with IPV6.
    => But on IPV4, that's working.

    Thanks.
    => Debian 7 - bind9
     
  2. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Did you add listen-on-v6 { any; }; to options { .. } in /etc/bind/named.conf.options?
    Another possibility is that you have more than one bind daemon running (I had a similar problem a while ago). You can check this with ps -ef|grep bind
     
  3. stef157

    stef157 Member

    Here is my config file :

    Code:
    options {
        directory "/var/cache/bind";
    
        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
    
        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders. 
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
    
        // forwarders {
        //     0.0.0.0;
        // };
    
        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;
       
    //    listen-on port 53 { any; };
    //    listen-on-v6 port 53 { any; };
    //    allow-query     { any; };
    //    recursion no;
    //    allow-recursion { none; };
    
        auth-nxdomain no;    # conform to RFC1035
    
    //    listen-on-v6 { IPV6; };
    //    listen-on { 127.0.0.1; IPV4; };
        listen-on { 127.0.0.1; IPV4; IPV6; };
        listen-on port 53 { 127.0.0.1; IPV4; IPV6; };
        allow-recursion { 127.0.0.1; ::1; };
    };
    
     
  4. florian030

    florian030 Well-Known Member HowtoForge Supporter

    You can disable
    listen-on { 127.0.0.1; IPV4; IPV6; };
    listen-on port 53 { 127.0.0.1; IPV4; IPV6; };
    and add
    listen-on-v6 { any; };
     
  5. stef157

    stef157 Member

    I've made the change and still get some other error (TCP and UDP).

    Server does not listen on port 53 UDP
    • Adv: ZoneCheck
      It is critical that DNS servers listen on UDP port 53, this is the default port that clients ask the DNS servers for resolver answers, if this server is no longer in use, please remove it from your DNS and registrars NS records, immediately.
    • NS1/IPV6
    Server does not listen on port 53 TCP
    • Adv: ZoneCheck
      It is important that DNS servers listen on TCP port 53, this is the default port that clients ask the DNS servers for resolver answers when the requests are too large for UDP.

      If this server is no longer in use, please remove it from your DNS and registrars NS records immediately.
    • NS1/IPV6
     
  6. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Please run netstat -tanp|grep 53
     
  7. stef157

    stef157 Member

    Here is the log:
    Code:
    tcp        0      0 IPV4:53        0.0.0.0:*               LISTEN      8112/named     
    tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      8112/named     
    tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      8112/named     
    tcp        0      0 IPV4:143       109.134.158.111:49252   ESTABLISHED 5312/imap-login
    tcp        0      0 IPV4:143       109.134.158.111:49250   ESTABLISHED 5308/imap-login
    tcp        0      0 IPV4:143       78.141.136.7:49229      ESTABLISHED 5538/imap-login
    tcp        0      0 127.0.0.1:32801         127.0.0.1:53            TIME_WAIT   -              
    tcp        0      0 IPV4:143       78.141.136.7:49227      ESTABLISHED 5534/imap-login
    tcp        0      0 IPV4:993       109.134.158.111:49237   ESTABLISHED 5300/imap-login
    tcp        0      0 127.0.0.1:32816         127.0.0.1:53            TIME_WAIT   -              
    tcp        0    245 IPV4:993       91.178.159.197:60753    ESTABLISHED 14061/imap-login
    tcp        0      0 IPV4:143       109.134.158.111:49249   ESTABLISHED 5304/imap-login
    tcp6       0      0 :::53                   :::*                    LISTEN      8112/named     
    tcp6       0      0 ::1:953                 :::*                    LISTEN      8112/named  
     
  8. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Did you restart bind after the changes?
     
  9. stef157

    stef157 Member

    Yes ;-)
     
  10. florian030

    florian030 Well-Known Member HowtoForge Supporter

    For some reason you disabled udp for bind.
     
  11. stef157

    stef157 Member

    How can I do this or reverse it?
    Cause I don't remember that I've changed something about the network…
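
The `netstat -tanp|grep 53` check used in the thread lists TCP sockets only (`-t`), and the `grep` also matches ports such as 953, so it cannot confirm the UDP listeners. The shell function below is an added example, not part of the original posts; it assumes net-tools `netstat -tulnp` output, and the sample listing and its addresses are constructed.

```shell
#!/bin/sh
# Added example: given `netstat -tulnp` style text on stdin, print which of
# tcp, tcp6, udp, udp6 have NO socket on port 53 owned by named.
# Live use (as root, so the program column is filled in):
#   netstat -tulnp | dns_listeners_missing
dns_listeners_missing() {
    awk '
        BEGIN {
            k = split("tcp tcp6 udp udp6", order, " ")
            for (i = 1; i <= k; i++) want[order[i]] = 1
        }
        # Only sockets of a tracked protocol whose owner is named.
        ($1 in want) && $NF ~ /\/named$/ {
            # TCP rows carry a state column; UDP rows do not.
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            # The port is the text after the last colon, so 953 or an
            # ephemeral port containing "53" is not mistaken for 53.
            n = split($4, parts, ":")
            if (parts[n] == "53") seen[$1] = 1
        }
        END {
            out = ""
            for (i = 1; i <= k; i++) {
                if (!(order[i] in seen)) {
                    sep = (out == "") ? "" : " "
                    out = out sep order[i]
                }
            }
            print out
        }
    '
}

# Constructed sample: named answers on TCP v4/v6 and UDP v4, but not UDP v6.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.0.2.10:53           0.0.0.0:*               LISTEN      8112/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      8112/named
tcp6       0      0 :::53                   :::*                    LISTEN      8112/named
udp        0      0 192.0.2.10:53           0.0.0.0:*                           8112/named
udp        0      0 0.0.0.0:123             0.0.0.0:*                           901/ntpd
EOF
}

echo "missing named listeners on port 53: $(sample_netstat | dns_listeners_missing)"
```

An empty result means named holds port 53 on all four protocol and address-family combinations.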
     
