Stop BIND from using IPv6 to contact other DNS servers when doing recursion?



  • Hello all together,

    I am stuck with a problem in configuring the BIND package to do recursion.

    From the logs I can see (see below) that BIND tries to contact the servers
    in named.root by their IPv6 addresses.
    This does not work as I don't have any IPv6 configured anywhere.

    The man page of named gives this as a start option to only enable IPv4:
    OPTIONS="-4 -u bind"
    But I am simply not able to find where in pfSense this needs to go, neither
    in webconfig nor in the file system (where I don't like to fool around).

    I have however tried to remove all IPv6 entries from the named.root, which
    did not lead to a fall back to IPv4 of BIND. (The IPv6 entries are back in
    named.root by now.)

    ---
    named[71611]: queries: info: client XXX.XXX.XXX.XXX#50168 (www.google.com): view viewname: query: www.google.com IN A + (YYY.YYY.YYY.YYY)
    named[71611]: resolver: debug 1: createfetch: www.google.com A
    named[71611]: resolver: debug 1: createfetch: . NS
    named[71611]: lame-servers: info: error (host unreachable) resolving 'www.google.com/A/IN': 2001:500:2::c#53
    named[71611]: lame-servers: info: error (host unreachable) resolving './NS/IN': 2001:500:2::c#53
    named[71611]: lame-servers: info: error (host unreachable) resolving 'www.google.com/A/IN': 2001:500:1::803f:235#53
    named[71611]: lame-servers: info: error (host unreachable) resolving './NS/IN': 2001:500:1::803f:235#53
    named[71611]: lame-servers: info: error (host unreachable) resolving 'www.google.com/A/IN': 2001:500:2d::d#53
    named[71611]: lame-servers: info: error (host unreachable) resolving './NS/IN': 2001:500:2d::d#53
    named[71611]: lame-servers: info: error (host unreachable) resolving 'www.google.com/A/IN': 2001:7fd::1#53
    named[71611]: lame-servers: info: error (host unreachable) resolving './NS/IN': 2001:7fd::1#53
    named[71611]: queries: info: client XXX.XXX.XXX.XXX#50168 (www.google.com): view viewname: query: www.google.com IN A + (YYY.YYY.YYY.YYY)
    named[71611]: resolver: debug 1: createfetch: www.google.com A
    named[71611]: lame-servers: info: error (host unreachable) resolving './NS/IN': 2001:500:3::42#53
    named[71611]: lame-servers: info: error (host unreachable) resolving 'www.google.com/A/IN': 2001:500:3::42#53
    named[71611]: lame-servers: info: error (host unreachable) resolving './NS/IN': 2001:503:ba3e::2:30#53
    named[71611]: lame-servers: info: error (host unreachable) resolving 'www.google.com/A/IN': 2001:503:ba3e::2:30#53
    named[71611]: lame-servers: info: error (host unreachable) resolving './NS/IN': 2001:503:c27::2:30#53
    named[71611]: lame-servers: info: error (host unreachable) resolving 'www.google.com/A/IN': 2001:503:c27::2:30#53
    named[71611]: queries: info: client XXX.XXX.XXX.XXX#50168 (www.google.com): view viewname: query: www.google.com IN A + (YYY.YYY.YYY.YYY)
    named[71611]: resolver: debug 1: createfetch: www.google.com A
    named[71611]: query-errors: debug 1: client XXX.XXX.XXX.XXX#50168 (www.google.com): view viewname: query failed (SERVFAIL) for www.google.com/IN/A at query.c:7005



  • I believe if I could find out where the equivalent to
    Debian's /etc/default/bind9 is, my problem would be solved,
    as it contains this:

    $ cat /etc/default/bind9
    # run resolvconf?
    RESOLVCONF=yes

    # startup options for the server
    OPTIONS="-4 -u bind"



  • Go to Diagnostics->Edit File
    Browse and Load /usr/local/pkg/bind.inc
    Go towards the end of the file and add -4 as shown
    Save the file and go to the BIND Server page and click Save to apply the change

    
    function bind_write_rcfile() {
            $rc = array();
            $BIND_LOCALBASE = "/usr/local";
            $rc['file'] = 'named.sh';
            // -4 is added to each named command line and to the matching ps/grep pattern.
            $rc['start'] = <<<EOD
    if [ -z "`ps auxw | grep "[n]amed -4 -c /etc/namedb/named.conf"|awk '{print $2}'`" ];then
            {$BIND_LOCALBASE}/sbin/named -4 -c /etc/namedb/named.conf -u bind -t /cf/named/
    fi

    EOD;
            $rc['stop'] = <<<EOD
    killall -9 named 2>/dev/null
    sleep 2
    EOD;
            $rc['restart'] = <<<EOD
    if [ -z "`ps auxw | grep "[n]amed -4 -c /etc/namedb/named.conf"|awk '{print $2}'`" ];then
            {$BIND_LOCALBASE}/sbin/named -4 -c /etc/namedb/named.conf -u bind -t /cf/named/
    else
            killall -9 named 2>/dev/null
            sleep 3
            {$BIND_LOCALBASE}/sbin/named -4 -c /etc/namedb/named.conf -u bind -t /cf/named/
    fi
    EOD;
            // (the excerpt ends here; the rest of the function is unchanged)
    }
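
An added example, not part of the thread or of the pfSense BIND package: a shell check that confirms the diagnosis from the first post (every unreachable upstream in the named log is an IPv6 address) and that a named command line carries `-4` after the change. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Count distinct upstreams that named logged as "host unreachable",
# split by address family. Reads named log lines on stdin and prints
# "ipv4=<n> ipv6=<n> verdict=<text>".
unreachable_by_family() {
    awk '
        /lame-servers:/ && /host unreachable/ {
            addr = $NF                      # last field is <address>#<port>
            sub(/#[0-9]+$/, "", addr)
            if (seen[addr]++) next          # count each upstream once
            if (index(addr, ":")) v6++
            else v4++
        }
        END {
            verdict = "no-unreachable-upstreams"
            if (v6 > 0 && v4 == 0) verdict = "ipv6-only-failures"
            else if (v4 > 0) verdict = "mixed-or-ipv4-failures"
            printf "ipv4=%d ipv6=%d verdict=%s\n", v4, v6, verdict
        }
    '
}

# Return 0 if a named command line (for example, as shown by ps) has -4
# as a separate argument, 1 otherwise.
has_ipv4_only_flag() {
    case " $1 " in
        *" -4 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample in the log format shown in the first post
# (documentation-range addresses, not real root servers).
sample_log() {
    cat <<'EOF'
named[100]: resolver: debug 1: createfetch: www.example.com A
named[100]: lame-servers: info: error (host unreachable) resolving 'www.example.com/A/IN': 2001:db8::c#53
named[100]: lame-servers: info: error (host unreachable) resolving './NS/IN': 2001:db8::c#53
named[100]: lame-servers: info: error (host unreachable) resolving './NS/IN': 2001:db8::1#53
EOF
}

sample_log | unreachable_by_family
# → ipv4=0 ipv6=2 verdict=ipv6-only-failures
```

A verdict of `ipv6-only-failures` matches the situation in the thread; any IPv4 upstream in the count points to a different connectivity problem that `-4` will not fix.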
    
