IPv6 Lookups on BIND 9.5.1-P1 and .GOV Addresses

Stacey Jonathan Marshall Stacey.Marshall at Sun.COM
Fri Jan 23 20:09:37 UTC 2009 

BIND is suffering from http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6320428
(sendto() should forward errors up the stack).  To provide relief from
this issue the ISC have added additional command line options "-4" and
"-6", as of bind 9.3.2,  which instruct BIND to limit requests to IP6 or IP4
interfaces respectfully.

Sorry about that,

Stacey

wiskbroom at hotmail.com wrote:
> Hello;
>
> I have two "DMZ" BIND/DNS servers running whose purpose is to allow lookups via them from my otherwise incapable internal network.
>
> I've recently upgraded only one of them from BIND 9.5.0-P2 to BIND 9.5.1-P1. Both servers are running Sparc/Solaris 9.
>
> Upon upgrading one to BIND 9.5.0-P2, which was in an effort to resolve failed lookups for .gov sites, I found that the server was now attempting to resolve using IPv6 style addresses.  I am not able to find any such attempts in the past at all from either server (See messages from BIND 9.5.1-P1 server below).
>
> I've installed a newer db.root file by running dig then saving the output to db.root.  The newer file contained IPv6 style entries, which I've manually removed (about the same time attempts ceased)
>
> I've also tried to force any attempts at using IPv6 and what appear to be issues resolving .gov domains in my named.conf like this:
>
> options {
>         edns-udp-size 512;
>         max-udp-size  512;
>         listen-on-v6 { none; };
> };
>
> logging {
>         category lame-servers {null;};
>         category edns-disabled {null;};
>         };
>
>
> The issues that I was seeing with .gov sites resulted in this type of error in my logfile:
>
> Jan 22 11:24:56 NS1 named[7678]: [ID 873579 daemon.info] too many timeouts resolving 'www.fdic.gov/A' (in 'www.fdic.gov'?): disabling EDNS
>
>
> Any help would be greatly appreciated, am I missing something obvious, or perhaps I need to add something else into my configs?
>
>
> Thank you,
>
>
> .vp
>
>
> Jan 22 16:05:08 NS1 named[7678]: [ID 873579 daemon.info] network unreachable resolving 'ADNS1.BERKELEY.EDU/AAAA/IN':2001:500:2f::f#53
>
> Jan 22 16:05:08 NS1 named[7678]: [ID 873579 daemon.info] network unreachable resolving 'ADNS2.BERKELEY.EDU/A/IN': 2001:500:2f::f#53
>
> Jan 22 16:05:08 NS1 named[7678]: [ID 873579 daemon.info] network unreachable resolving 'indom80.indomco.hk/A/IN': 2001:dc0:1:0:4777::140#53
>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

More information about the bind-users mailing list