ipv6 bind to single v6-address

Mark Andrews Mark_Andrews at isc.org
Sat Jun 23 08:17:36 UTC 2007 

> Danny Mayer wrote:
> > Arul Murugan wrote:
> >> Hi Florian,
> >>                Listen-on-v6 Specifies the ports on which the server
> >> listens for incoming
> >> queries sent using IPv6. The server does not bind a separate socket
> >> to each IPv6 interface address as it does for IPv4. Instead, it
> >> always listens on the IPv6 wildcard address. Therefore, the values
> >> allowed for the address_match_list argument to the listen-on-v6
> >> option are:
> >> b" any
> >> b" none
> >> Multiple listen-on-v6 options can be used to listen on
> >> multiple ports. For example:
> >> listen-on-v6 port 53 { any; };
> >> listen-on-v6 port 1234 { any; };
> >> To make the server not listen on any IPv6 address, specify
> >> the following:
> >> listen-on-v6 { none; };
> >> If the listen-on-v6 option is not specified, the server does not
> >> listen on any IPv6 address.
> >
> > You are misinformed. It does not listen on the wildcard socket, it
> > binds to each address separately just as it does with IPv4 addresses.
> > From the ARM:
> 
> But when the original poster (Florian) said he used 'any;' it bound to 
> the wild card:
> 
> Florian wrote:
> >
> > Bind is only starting an working with ipv6 if i do the following in
> > /etc/named.conf:
> > -------------------
> > listen-on-v6 {
> >    any;
> > };
> > -------------------
> > #dig @2001:470:1f00:484::2 -6 -t aaaa www6.agilolfinger.de
> > is resolving; ok
> >
> > #netstat -an | grep -E "(:53|:953|:32)"
> [...]
> > tcp   0  0 :::53             :::*       LISTEN
> [...]
> > udp   0  0 :::53             :::*
> 
> And didn't bind IPv6 to anything when to tried to explicitly set an 
> interface:
> 
> Florian wrote:
> >
> > I have more ip-v6-adresses on my interface and want to bind the named
> > on a certain address like :
> > /etc/named.conf
> > -------------------
> > listen-on-v6 {
> >                ::1;
> >                2001:470:1f00:484::2;
> >        };
> > -------------------
> > #dig @2001:470:1f00:484::2 -6 -t aaaa www6.agilolfinger.de
> > dig is timing out
> >
> > #netstat -an | grep -E "(:53|:953|:32)"
> > tcp  0  0 194.77.3.34:53    0.0.0.0:*       LISTEN
> > tcp  0  0 127.0.0.1:53      0.0.0.0:*       LISTEN
> [...]
> > udp  0  0 194.77.3.34:53    0.0.0.0:*
> > udp  0  0 127.0.0.1:53      0.0.0.0:*
> 
> There seems to be a rather glaring inconsistancy between some of these 
> docs and/or versions. Perhaps "listen-on-v6" is just broken on some 
> builds?

	If you "listen-on-v6 { any; };" named will bind to the
	wildcard port for IPv6.  It then uses in6_pktinfo to ensure
	that reply traffic comes from the right address.  If the
	acl is not "any;" then named binds to individual interfaces.

	The original poster didn't have his chroot environment setup
	correctly which is what was preventing named binding to the
	addresses.  "/proc/net/if_inet6" was missing.

	Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list