Moving to an IPv4 only server

Ondřej Surý ondrej at isc.org
Fri Aug 18 20:14:29 UTC 2023


You made the classic mistake - assuming what the problem is and then trying to find a solution for that problem.

You should start with just describing what you see - and the logs you sent indicate that named is unable to communicate on port 53. This indicates that your network (firewall on the server, firewall at the provider) might be blocking DNS queries to the outside world. You should diagnose that - try sending DNS queries to those addresses by hand and look at what’s happening on the wire (tcpdump, wireshark, etc. are your friends).

Ondřej 
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On 18. 8. 2023, at 22:00, Julien Salort <listes at salort.eu> wrote:
> 
> Hello,
> 
> I am sorry if this is a FAQ. I haven't been able to find the answer.
> 
> I used to have bind9 running on a server with both IPv4 and IPv6. This server has failed unfortunately, and I am setting up a replacement using the last backup of the failed server. The new server happens to have an IPv4 address only, unfortunately. Both the old and the new server are running Ubuntu 22 if that matters.
> 
> I copied /etc/bind directory from the backup to the new server.
> 
> Authoritative zones work fine. It also transfers successfully to the slaves when I make changes in the zones.
> 
> However, I can't get the recursion to work. I originally had a lot of "network unreachable" with IPv6 addresses. So I figured I should start bind with the -4 option. Now, I no longer have the "network unreachable" errors in the log, but it is still unable to recurse.
> 
> For example:
> 
> dig www.google.com @127.0.0.1
> 
> ;; communications error to 127.0.0.1#53: timed out
> ;; communications error to 127.0.0.1#53: timed out
> 
> ; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> www.google.com @127.0.0.1
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35198
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; COOKIE: a497120ee47312be0100000064dfccb2ba16350e188a7bc4 (good)
> ;; QUESTION SECTION:
> ;www.google.com.            IN    A
> 
> ;; Query time: 1988 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
> ;; WHEN: Fri Aug 18 19:55:30 UTC 2023
> ;; MSG SIZE  rcvd: 71
> 
> 
> And in the log file:
> 
> Aug 18 19:55:23 vpsl named[3183]: client @0x7f8a4c0152f8 127.0.0.1#33163 (www.google.com): query: www.google.com IN A +E(0)K (127.0.0.1)
> Aug 18 19:55:28 vpsl named[3183]: resolver priming query complete: timed out
> Aug 18 19:55:28 vpsl named[3183]: client @0x7f8a5420b6f8 127.0.0.1#43890 (www.google.com): query: www.google.com IN A +E(0)K (127.0.0.1)
> Aug 18 19:55:30 vpsl named[3183]: shut down hung fetch while resolving 'www.google.com/A'
> Aug 18 19:55:30 vpsl named[3183]: client @0x7f8a54213b58 127.0.0.1#46373 (www.google.com): query failed (operation canceled) for www.google.com/IN/A at query.c:7794
> Aug 18 19:55:30 vpsl named[3183]: client @0x7f8a5420b6f8 127.0.0.1#43890 (www.google.com): query failed (operation canceled) for www.google.com/IN/A at query.c:7794
> Aug 18 19:55:30 vpsl named[3183]: client @0x7f8a4c0152f8 127.0.0.1#33163 (www.google.com): query failed (operation canceled) for www.google.com/IN/A at query.c:7794
> Aug 18 19:55:38 vpsl named[3183]: resolver priming query complete: timed out
> 
> 
> It feels like there are some root server addresses with IPv6 address that it can't use, but I have no clue where these addresses are and how to replace them with their IPv4 counterparts.
> 
> 
> Thanks for any clue,
> 
> 
> Julien
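Added example, not part of the original messages: one way to send the resolver's priming query (". IN NS") by hand over IPv4, as the reply suggests, and see whether anything comes back on port 53 over UDP and TCP. The function names are illustrative, and the two default targets are assumed to be the IPv4 addresses of a.root-servers.net and f.root-servers.net.

```python
import socket
import struct
import sys

# Assumption: IPv4 addresses of a.root-servers.net and f.root-servers.net.
ROOT_SERVERS = ["198.41.0.4", "192.5.5.241"]

def build_priming_query(qid=0x1234):
    """Non-recursive query for '. IN NS', the question named asks when priming."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    return header + b"\x00" + struct.pack("!HH", 2, 1)  # root name, NS, IN

def classify_reply(query, reply):
    """Check that reply is a DNS response to query and report its RCODE."""
    if len(reply) < 12:
        return "short reply"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "unexpected packet"
    return "reply rcode=%d%s" % (flags & 0x000F, " truncated" if flags & 0x0200 else "")

def probe(server, proto="udp", port=53, timeout=3.0):
    """Send the priming query to server by hand and return what came back."""
    query = build_priming_query()
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    with socket.socket(socket.AF_INET, kind) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))
            if proto == "udp":
                s.send(query)
                reply = s.recv(4096)
            else:
                s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
                reply = b""
                while len(reply) < 14:  # length prefix plus DNS header
                    chunk = s.recv(4096)
                    if not chunk:
                        break
                    reply += chunk
                reply = reply[2:]
        except socket.timeout:
            return "timed out"  # nothing came back: filtered somewhere on the path
        except OSError as exc:
            return "error: %s" % exc  # e.g. refused or unreachable
    return classify_reply(query, reply)

if __name__ == "__main__":
    for server in sys.argv[1:] or ROOT_SERVERS:
        for proto in ("udp", "tcp"):
            print("%-15s %s: %s" % (server, proto, probe(server, proto)))
```

Running it while `tcpdump -n -i any port 53` is capturing on the same host shows whether the queries leave the machine and whether replies arrive.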

