ipv6 bind to single v6-address

Mark Andrews Mark_Andrews at isc.org
Mon Jun 11 13:57:57 UTC 2007


> Hello list,
> 
> I'm running bind 9.3.4 on trustix 3.0.5. I'm using the precompiled
> trustix-packages.
> bind-libs-9.3.4-3tr
> bind-9.3.4-3tr
> bind-utils-9.3.4-3tr
> 
> I have more ip-v6-addresses on my interface and want to bind the named on
> a certain address like :
> /etc/named.conf
> -------------------
> listen-on-v6 {
>                 ::1;
>                 2001:470:1f00:484::2;
>         };
> -------------------
> #dig @2001:470:1f00:484::2 -6 -t aaaa www6.agilolfinger.de
> dig is timing out
> 
> #netstat -an | grep -E "(:53|:953|:32)"
> tcp  0  0 194.77.3.34:53    0.0.0.0:*       LISTEN
> tcp  0  0 127.0.0.1:53      0.0.0.0:*       LISTEN
> tcp  0  0 127.0.0.1:953     0.0.0.0:*       LISTEN
> tcp  0  0 127.0.0.1:51762   127.0.0.1:953   TIME_WAIT
> tcp  0  0 127.0.0.1:51763   127.0.0.1:953   TIME_WAIT
> tcp  0  0 ::1:953           :::*            LISTEN
> udp  0  0 0.0.0.0:32772     0.0.0.0:*
> udp  0  0 0.0.0.0:32773     0.0.0.0:*
> udp  0  0 0.0.0.0:32912     0.0.0.0:*
> udp  0  0 194.77.3.34:53    0.0.0.0:*
> udp  0  0 127.0.0.1:53      0.0.0.0:*
> udp  0  0 :::32913          :::*
> 
> #tail /var/log/messages
> starting BIND 9.3.4 -u named -c /etc/named.conf -t /var/lib/named/chroot
> loading configuration from '/etc/named.conf'
> listening on IPv4 interface lo, 127.0.0.1#53
> listening on IPv4 interface eth0, 194.77.3.34#53
> command channel listening on 127.0.0.1#953
> command channel listening on ::1#953
> named startup succeeded

	Configure your chroot environment to have a /proc.  That
	way named can check each of the IPv6 addresses in
	/proc/net/if_inet6 against the listen-on-v6 acl.
 
> Bind is only starting and working with ipv6 if I do the following in
> /etc/named.conf:
> -------------------
> listen-on-v6 {
>     any;
> };
> -------------------
> #dig @2001:470:1f00:484::2 -6 -t aaaa www6.agilolfinger.de
> is resolving; ok

	Named special cases the "any;" acl for IPv6.  It uses packet
	info to make sure replies come from the right address.
 
> #netstat -an | grep -E "(:53|:953|:32)"
> tcp   0  0 194.77.3.34:53    0.0.0.0:*  LISTEN
> tcp   0  0 127.0.0.1:53      0.0.0.0:*  LISTEN
> tcp   0  0 127.0.0.1:953     0.0.0.0:*  LISTEN
> tcp   0  0 :::53             :::*       LISTEN
> tcp   0  0 ::1:953           :::*       LISTEN
> udp   0  0 0.0.0.0:32772     0.0.0.0:*
> udp   0  0 0.0.0.0:32773     0.0.0.0:*
> udp   0  0 0.0.0.0:32938     0.0.0.0:*
> udp   0  0 194.77.3.34:53    0.0.0.0:*
> udp   0  0 127.0.0.1:53      0.0.0.0:*
> udp   0  0 :::32939          :::*
> udp   0  0 :::53             :::*
> 
> 
> It seems, that bind doesn't bind with port 53 to a single ip-v6-address.
> I can't find anything about it in the isc-doku, the archives or
> in google. Does anyone know a way to bind named:53 to a single ipv6-address?
> Is it my fault, a trustix-problem or a bind issue?
> 
> Thanks, Florian
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
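
The check described in the reply above, sketched as an added example (not part of the original message and not BIND's own code): it parses text in the kernel's /proc/net/if_inet6 layout, matches each address against a listen-on-v6 list, and shows that nothing can match when the file is not visible inside the chroot. The function names and the sample interface data are constructed for illustration; the ACL and chroot path are the ones from the thread.

```python
import ipaddress
from pathlib import Path

# Constructed sample in the kernel's /proc/net/if_inet6 layout:
# 32 hex digits of address, ifindex, prefix length, scope, flags, device.
SAMPLE_IF_INET6 = """\
00000000000000000000000000000001 01 80 10 80       lo
200104701f0004840000000000000002 02 40 00 80     eth0
200104701f0004840000000000000003 02 40 00 80     eth0
fe80000000000000021122fffe334455 02 40 20 80     eth0
"""

def parse_if_inet6(text):
    """Return [(IPv6Address, device)] from if_inet6-formatted text."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or len(fields[0]) != 32:
            continue  # skip blank or malformed lines
        addr = ipaddress.IPv6Address(bytes.fromhex(fields[0]))
        entries.append((addr, fields[5]))
    return entries

def read_if_inet6(root="/"):
    """Read if_inet6 under `root` (e.g. the chroot); None if /proc is absent."""
    path = Path(root) / "proc/net/if_inet6"
    try:
        return path.read_text()
    except OSError:
        return None

def planned_listeners(acl, if_inet6_text, port=53):
    """Interface addresses that match the ACL; empty if nothing could be scanned."""
    if if_inet6_text is None:
        return []  # no address list visible, so nothing to match against
    nets = [ipaddress.ip_network(item) for item in acl]
    return [f"{dev}, {addr}#{port}"
            for addr, dev in parse_if_inet6(if_inet6_text)
            if any(addr in net for net in nets)]

if __name__ == "__main__":
    acl = ["::1", "2001:470:1f00:484::2"]  # listen-on-v6 entries from the thread
    for listener in planned_listeners(acl, SAMPLE_IF_INET6):
        print("would listen on IPv6 interface", listener)
    chroot = "/var/lib/named/chroot"  # the -t directory from the quoted log
    if read_if_inet6(chroot) is None:
        print(f"{chroot}/proc/net/if_inet6 not readable: no per-address IPv6 listeners")
```
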
