Network unreachable resolving...

Discussion in 'General' started by Pedro A., Jul 26, 2024.

Tags:
  1. Pedro A.

    Pedro A. Member

    Hi.
    Suddenly I'm seeing many errors in system log as these:
    nodo4 named[845]: network unreachable resolving 'ns1.websupport.sk/A/IN': 2001:500:12::d0d#53
    Jul 26 13:24:19 nodo4 named[845]: network unreachable resolving 'ns3.websupport.sk/A/IN': 2001:500:12::d0d#53
    Jul 26 13:24:19 nodo4 named[845]: network unreachable resolving 'ns1.websupport.sk/AAAA/IN': 2001:500:12::d0d#53
    Jul 26 13:24:19 nodo4 named[845]: network unreachable resolving 'ns3.websupport.sk/AAAA/IN': 2001:500:12::d0d#53
    Jul 26 13:24:19 nodo4 named[845]: network unreachable resolving 'ns3.websupport.eu/AAAA/IN': 2a02:250:3::12#53
    Jul 26 13:24:19 nodo4 named[845]: network unreachable resolving 'ns3.websupport.sk/A/IN': 2001:500:2::c#53
    Jul 26 13:24:19 nodo4 named[845]: network unreachable resolving 'ns3.websupport.sk/AAAA/IN': 2001:500:2::c#53
    Jul 26 13:24:19 nodo4 named[845]: network unreachable resolving 'ns1.websupport.sk/A/IN': 2001:500:2::c#53
    Jul 26 13:24:19 nodo4 named[845]: network unreachable resolving 'ns3.websupport.sk/A/IN': 2001:503:ba3e::2:30#53
    Jul 26 13:24:19 nodo4 named[845]: network unreachable resolving 'ns1.websupport.sk/AAAA/IN': 2001:500:2::c#53
    Jul 26 13:24:19 nodo4 named[845]: network unreachable resolving 'ns3.websupport.sk/AAAA/IN': 2001:503:ba3e::2:30#53
    Jul 26 13:24:19 nodo4 named[845]: network unreachable resolving 'ns3.websupport.sk/A/IN': 2001:500:a8::e#53
    Jul 26 13:24:19 nodo4 named[845]: network unreachable resolving 'ns1.websupport.sk/A/IN': 2001:503:ba3e::2:30#53
    Jul 26 13:24:19 nodo4 named[845]: network unreachable resolving 'ns1.websupport.sk/AAAA/IN': 2001:503:ba3e::2:30#53
    Jul 26 13:24:19 nodo4 named[845]: network unreachable resolving 'ns1.websupport.sk/A/IN': 2001:500:a8::e#53
    Jul 26 13:24:19 nodo4 named[845]: network unreachable resolving 'ns3.websupport.sk/AAAA/IN': 2001:500:a8::e#53
    Jul 26 13:24:19 nodo4 named[845]: network unreachable resolving 'ns3.websupport.sk/A/IN': 2001:500:2d::d#53
    Jul 26 13:24:19 nodo4 named[845]: network unreachable resolving 'ns3.websupport.sk/AAAA/IN': 2001:500:2d::d#53

    I read disabling ipv6 should help, but not in this case.
    I've disabled it following this instructions (modifying system.ctl file): https://webshanks.com/how-to-disable-ipv6-on-ubuntu/
    It doesn't work for me.
    Any help??
    Thanks.
     
    Pedro A., Jul 26, 2024
    #1
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I think those log lines are from bind, the named deamon that does name service.
    You need to tell bind to stop using IPv6 if your host does not have IPv6 connectivity.
    Use Internet Search engines with
    Code:
    disable ipv6 bind9 ubuntu
    or read the docs on how to disable IPv6 for bind.
     
    Taleman, Jul 26, 2024
    #2
  3. Pedro A.

    Pedro A. Member

    I'm trying to follow Bobcares guide (https://bobcares.com/blog/bind9-disable-ipv6/) but it says I've to edit bind9.service file and it doesn't exist.
    Is there any problem with this?

    Thanks.
     
    Pedro A., Jul 26, 2024
    #3
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Probably. Instead of random Internet dudes writing stuff, use proper documentation.
    For example https://wiki.debian.org/Bind9, the part about "If bind refuses to start with error messages like "network unreachable resolving: " followed by a host and an IPv6 address, then you might add argument "-4" to force bind to always use IPv4 instead of IPv6:"
     
    Taleman, Jul 26, 2024
    #4
  5. Pedro A.

    Pedro A. Member

    I modified these files: /etc/bind/named.conf.options and /etc/default/named
    Here is the results:
    options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders {
    1.1.1.1;
    8.8.8.8;
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    //dnssec-enable no;
    dnssec-validation no;

    version "unknown";

    allow-transfer {none;};

    auth-nxdomain no; # conform to RFC1035
    listen-on { any; };
    allow-query { localhost; xxx.xxx.xxx.xxx/32; };
    };
    Where xxx.xxx.xxx.xxx is the server public ip.
    named file:

    # run resolvconf?
    RESOLVCONF=no

    # startup options for the server
    OPTIONS=\"-u bind -4\"
    Then I executed named-checkconf (all seems to be ok because nothing happened), systemctl restart bind9 and finally systemctl status bind9. This is the result:
    named.service - BIND Domain Name Server
    Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Fri 2024-07-26 19:42:17 CEST; 1min 42s ago
    Docs: man:named(8)
    Process: 19632 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
    Main PID: 19632 (code=exited, status=1/FAILURE)

    jul 26 19:42:17 nodo4 systemd[1]: named.service: Scheduled restart job, restart counter is at 5.
    jul 26 19:42:17 nodo4 systemd[1]: Stopped BIND Domain Name Server.
    jul 26 19:42:17 nodo4 systemd[1]: named.service: Start request repeated too quickly.
    jul 26 19:42:17 nodo4 systemd[1]: named.service: Failed with result 'exit-code'.
    jul 26 19:42:17 nodo4 systemd[1]: Failed to start BIND Domain Name Server.

    I don't know what's wrong...
    Any ideas?
     
    Pedro A., Jul 26, 2024
    #5
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Would be easier if you showed what you have modified, instead of just pasting a wall of text. At least post code in CODE tags.
    You have not revealed what Operating System you are running. Seems it depends on what OS is and OS version how bind is started.
    Code:
    # startup options for the server
OPTIONS=\"-u bind -4\"
    Did you enter that in /etc/bind/named.conf.options or /etc/default/named ? The Debian Wiki instructs to edit /etc/default/bind9.
    If that file does not exist on your system, try to figure out what OS you are running. Then read the documentation for that OS and version to see how bind is configured to not use IPv6.
    If this is too much work, just ignore the messages in log. Your system works just fine, not having IPv6 network just makes bind log those messages. If you ever do get IPv6 connection for your system, then bind is happy.
    On my system this should work:
    Code:
    systemctl edit bind9.service
    and add line
    Code:
    ExecStart=/usr/sbin/named -4 -f $OPTIONS
    where I copied the commented out ExecStart line and added -4. Unless you have same system I have this probably does not work, so don't try it.
     
    Taleman, Jul 28, 2024
    #6
  7. Pedro A.

    Pedro A. Member

    Hi. I'm using Ubuntu 20.04 right now on virtual environment.
    So, that /etc/default/bind9 folder doesn't exist. Instead of this I've /etc/default/bind
    I'll restore a copy of my virtual machine and start from the beginning.
    I'll publish my progress.
    Thanks.
     
    Pedro A., Jul 29, 2024
    #7

Share This Page