Hi, Bind doesn't liston on udp 53 but the problem is only visible with IPV6.. => But on IPV4, that's working. Thanks. => Debian 7 - bind9
Did you add listen-on-v6 { any; }; to options { .. } in /etc/bind/named.conf.options? Another possibilty is, that you have more than bind-daemon running (i had a similary problem a while ago). you can check this with ps -ef|grep bind
Here is my config file : Code: options { directory "/var/cache/bind"; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113 // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. // forwarders { // 0.0.0.0; // }; //======================================================================== // If BIND logs error messages about the root key being expired, // you will need to update your keys. See https://www.isc.org/bind-keys //======================================================================== dnssec-validation auto; // listen-on port 53 { any; }; // listen-on-v6 port 53 { any; }; // allow-query { any; }; // recursion no; // allow-recursion { none; }; auth-nxdomain no; # conform to RFC1035 // listen-on-v6 { IPV6; }; // listen-on { 127.0.0.1; IPV4; }; listen-on { 127.0.0.1; IPV4; IPV6; }; listen-on port 53 { 127.0.0.1; IPV4; IPV6; }; allow-recursion { 127.0.0.1; ::1; }; };
You can disable listen-on { 127.0.0.1; IPV4; IPV6; }; listen-on port 53 { 127.0.0.1; IPV4; IPV6; }; and add listen-on-v6 { any; };
I've made the change and still get the some other error (TCP and UDP). Server does not listen on port 53 UDP Adv: ZoneCheck It is critical that DNS servers listen on UDP port 53, this is the default port that clients ask the DNS servers for resolver answers, if this server is no longer in use, please remove it from your DNS and registrars NS records, immediately. NS1/IPV6 Server does not listen on port 53 TCP Adv: ZoneCheck It is important that DNS servers listen on TCP port 53, this is the default port that clients ask the DNS servers for resolver answers when the requests are too large for UDP. If this server is no longer in use, please remove it from your DNS and registrars NS records immediately. NS1/IPV6
Here the log Code: tcp 0 0 IPV4:53 0.0.0.0:* LISTEN 8112/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 8112/named tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 8112/named tcp 0 0 IPV4:143 109.134.158.111:49252 ESTABLISHED 5312/imap-login tcp 0 0 IPV4:143 109.134.158.111:49250 ESTABLISHED 5308/imap-login tcp 0 0 IPV4:143 78.141.136.7:49229 ESTABLISHED 5538/imap-login tcp 0 0 127.0.0.1:32801 127.0.0.1:53 TIME_WAIT - tcp 0 0 IPV4:143 78.141.136.7:49227 ESTABLISHED 5534/imap-login tcp 0 0 IPV4:993 109.134.158.111:49237 ESTABLISHED 5300/imap-login tcp 0 0 127.0.0.1:32816 127.0.0.1:53 TIME_WAIT - tcp 0 245 IPV4:993 91.178.159.197:60753 ESTABLISHED 14061/imap-login tcp 0 0 IPV4:143 109.134.158.111:49249 ESTABLISHED 5304/imap-login tcp6 0 0 :::53 :::* LISTEN 8112/named tcp6 0 0 ::1:953 :::* LISTEN 8112/named
How can I do this or reverse it ? Cause I don't remember that I've change something about the network…