Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

BIND9 IPv6 problem

If none of the specific sub-forums seem right for your thread, ask here.
Post Reply
Message
Author
User avatar
MikeLieberman
Posts: 162
Joined: 2013-01-29 17:26
Location: General Santos City, Philippines
Has thanked: 17 times
Been thanked: 2 times

BIND9 IPv6 problem

#1 Post by MikeLieberman »

Is there a BIND 9 compiled with a special build-time option (./configure --enable-filter-aaaa) for Debian?

I really need this as my ISP does not support IPv6. I understand that I cannot stop BIND9 from trying to connect to IPv6 servers but at least I might be able to filter out the complaints! My syslog is being overwhelmed with failure to resolve AAAA records.

Code: Select all

May  4 08:03:43 Mail named[7295]: network unreachable resolving 'ns-914.awsdns-50.net/AAAA/IN': 2600:9000:5301:f300::1#53
May  4 08:03:43 Mail named[7295]: network unreachable resolving 'ns-914.awsdns-50.net/A/IN': 2600:9000:5303:3400::1#53
May  4 08:03:43 Mail named[7295]: network unreachable resolving 'ns-1129.awsdns-13.org/A/IN': 2600:9000:5304:1000::1#53
May  4 08:03:43 Mail named[7295]: network unreachable resolving 'ns-1129.awsdns-13.org/AAAA/IN': 2600:9000:5304:1000::1#53
May  4 08:03:43 Mail named[7295]: network unreachable resolving 'ns-345.awsdns-43.com/AAAA/IN': 2600:9000:5304:ab00::1#53
May  4 08:03:43 Mail named[7295]: network unreachable resolving 'ns-914.awsdns-50.net/AAAA/IN': 2600:9000:5303:3400::1#53
May  4 08:03:43 Mail named[7295]: network unreachable resolving 'api-aas.sharp.accedo.tv/A/IN': 2600:9000:5301:8a00::1#53
May  4 08:03:48 Mail named[7295]: network unreachable resolving 'ns-823.awsdns-38.net/A/IN': 2600:9000:5307:a600::1#53
May  4 08:03:48 Mail named[7295]: network unreachable resolving 'ns-823.awsdns-38.net/AAAA/IN': 2600:9000:5307:a600::1#53
May  4 08:03:48 Mail named[7295]: network unreachable resolving 'ns-1812.awsdns-34.co.uk/A/IN': 2600:9000:5303:a200::1#53
May  4 08:03:48 Mail named[7295]: network unreachable resolving 'ns-1812.awsdns-34.co.uk/AAAA/IN': 2600:9000:5303:a200::1#53
May  4 08:03:48 Mail named[7295]: network unreachable resolving 'ns-823.awsdns-38.net/A/IN': 2600:9000:5303:2800::1#53
May  4 08:03:48 Mail named[7295]: network unreachable resolving 'ns-823.awsdns-38.net/AAAA/IN': 2600:9000:5303:2800::1#53
May  4 08:03:48 Mail named[7295]: network unreachable resolving 'ns-1812.awsdns-34.co.uk/A/IN': 2600:9000:5305:e500::1#53
May  4 08:03:48 Mail named[7295]: network unreachable resolving 'ns-1812.awsdns-34.co.uk/AAAA/IN': 2600:9000:5305:e500::1#53
May  4 08:03:48 Mail named[7295]: network unreachable resolving 'ns-823.awsdns-38.net/A/IN': 2600:9000:5301:e700::1#53
May  4 08:03:48 Mail named[7295]: network unreachable resolving 'ns-823.awsdns-38.net/AAAA/IN': 2600:9000:5301:e700::1#53
May  4 08:03:48 Mail named[7295]: network unreachable resolving 'ns-823.awsdns-38.net/A/IN': 2600:9000:5305:6600::1#53
May  4 08:03:48 Mail named[7295]: network unreachable resolving 'ns-1812.awsdns-34.co.uk/A/IN': 2600:9000:5307:2600::1#53
May  4 08:03:48 Mail named[7295]: network unreachable resolving 'ns-1812.awsdns-34.co.uk/AAAA/IN': 2600:9000:5307:2600::1#53
May  4 08:03:48 Mail named[7295]: network unreachable resolving 'ns-1812.awsdns-34.co.uk/A/IN': 2600:9000:5301:6200::1#53
May  4 08:03:48 Mail named[7295]: network unreachable resolving 'ns-823.awsdns-38.net/AAAA/IN': 2600:9000:5305:6600::1#53
May  4 08:03:48 Mail named[7295]: network unreachable resolving 'ns-1812.awsdns-34.co.uk/AAAA/IN': 2600:9000:5301:6200::1#53
May  4 08:04:46 Mail named[7295]: network unreachable resolving 'crashlytics.com/DS/IN': 2001:503:a83e::2:30#53
May  4 08:04:54 Mail named[7295]: network unreachable resolving 'clients4.google.com/A/IN': 2001:4860:4802:32::a#53
May  4 08:05:52 Mail named[7295]: network unreachable resolving 'push-rtmp-l1-gcp01.tiktokcdn.com/A/IN': 2600:1401:1::41#53
May  4 08:05:53 Mail named[7295]: network unreachable resolving 'cl-41e83a90.gcdn.co/A/IN': 2a03:90c0:9990::2000#53
May  4 08:05:53 Mail named[7295]: network unreachable resolving 'hk-cdn.bigolive.tv/A/IN': 2600:9000:5302:9400::1#53
May  4 08:05:53 Mail named[7295]: network unreachable resolving 'bigo.tv/DS/IN': 2001:500:120::30#53
May  4 08:05:53 Mail named[7295]: network unreachable resolving 'bigo.tv/DS/IN': 2001:500:121::30#53
May  4 08:05:53 Mail named[7295]: network unreachable resolving 'bigo.tv/DS/IN': 2001:500:122::30#53
May  4 08:05:53 Mail named[7295]: network unreachable resolving 'bigo.tv/DS/IN': 2001:500:123::30#53
May  4 08:05:54 Mail named[7295]: network unreachable resolving 'like-video.com/DS/IN': 2001:503:d414::30#53
May  4 08:05:54 Mail named[7295]: network unreachable resolving 'pull-a5-va01.tiktokcdn.com.c.worldfcdn.com/A/IN': 2408:4009:500::3#53
May  4 08:05:54 Mail named[7295]: network unreachable resolving 'pull-a5-va01.tiktokcdn.com.c.worldfcdn.com/A/IN': 2408:4009:500::4#53
May  4 08:05:54 Mail named[7295]: network unreachable resolving 'support-json.like.video/A/IN': 2600:9000:5301:cc00::1#53
May  4 08:05:56 Mail named[7295]: network unreachable resolving '1928505594.rsc.cdn77.org/A/IN': 2a02:6ea0:cd77::1#53
May  4 08:05:56 Mail named[7295]: network unreachable resolving '1928505594.rsc.cdn77.org/A/IN': 2a02:6ea0:cd77::2#53
May  4 08:05:56 Mail named[7295]: network unreachable resolving 'tiktok-webrtc.liveplay.myqcloud.com/A/IN': 2402:4e00:8020:100::10f#53
May  4 08:05:57 Mail named[7295]: network unreachable resolving 'pull-flv-l10-sg01.tiktokcdn.com.rocket-cdn.com/A/IN': 2407:c080:0:ffff:ffff:fffe:0:1#53
May  4 08:05:58 Mail named[7295]: network unreachable resolving '1394501235.rsc.cdn77.org/A/IN': 2a02:6ea0:cd77::1#53
May  4 08:05:58 Mail named[7295]: network unreachable resolving '1394501235.rsc.cdn77.org/A/IN': 2a02:6ea0:cd77::2#53
May  4 08:05:59 Mail named[7295]: network unreachable resolving '1276298696.rsc.cdn77.org/A/IN': 2a02:6ea0:cd77::2#53
May  4 08:05:59 Mail named[7295]: network unreachable resolving '1276298696.rsc.cdn77.org/A/IN': 2a02:6ea0:cd77::1#53
May  4 08:06:00 Mail named[7295]: network unreachable resolving '1533248697.rsc.cdn77.org/A/IN': 2a02:6ea0:cd77::1#53
May  4 08:06:39 Mail named[7295]: network unreachable resolving 'ns-631.awsdns-14.net/A/IN': 2600:9000:5305:4e00::1#53
May  4 08:06:39 Mail named[7295]: network unreachable resolving 'ns-631.awsdns-14.net/AAAA/IN': 2600:9000:5305:4e00::1#53
May  4 08:06:39 Mail named[7295]: network unreachable resolving 'ns-1676.awsdns-17.co.uk/A/IN': 2600:9000:5301:5100::1#53
May  4 08:06:39 Mail named[7295]: network unreachable resolving 'ns-1676.awsdns-17.co.uk/AAAA/IN': 2600:9000:5301:5100::1#53
May  4 08:06:39 Mail named[7295]: network unrea^C[/size]

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: BIND9 IPv6 problem

#2 Post by Head_on_a_Stick »

MikeLieberman wrote: 2022-05-07 06:09Is there a BIND 9 compiled with a special build-time option (./configure --enable-filter-aaaa) for Debian?
The standard bind9 package is compiled with that option enabled: https://salsa.debian.org/dns-team/bind9 ... /rules#L70

See also https://xyproblem.info/
deadbang

User avatar
MikeLieberman
Posts: 162
Joined: 2013-01-29 17:26
Location: General Santos City, Philippines
Has thanked: 17 times
Been thanked: 2 times

Re: BIND9 IPv6 problem

#3 Post by MikeLieberman »

Well, if that's the case then something is broken in the build.

I want to note that what follows fist is under Debian 10; I will discuss Debian 11 at the very bottom, as it is broken in a different manner..

The ICS manual says:
an options statement to enable it (for example, filter-aaaa-on-v4 yes; and/or filter-aaaa-on-v6 yes;) must be declared in named.conf.
And so I edited my named.conf file by including: filter-aaaa-on-v6 yes

BIND9 would not restart and generated the error:

Code: Select all

[b]May 08 09:58:05 Mail named[11869]: /etc/bind/named.conf:12: unknown option 'filter-aaaa-on-v6'
May 08 09:58:05 Mail named[11869]: loading configuration: failure
May 08 09:58:05 Mail named[11869]: exiting (due to fatal error)[/b]
I commented out the offending line in named.conf and BIND9 to successfully load like normal.

The manual says:
If filter-aaaa-on-v4 or filter-aaaa-on-v6 is set to break-dnssec instead of yes, then AAAA records will be omitted even if they are signed. RRSIG records covering type AAAA will be omitted as well.
I put the commands in the named.conf.options instead. So these two lines were added.

filter-aaaa-on-v4 break-dnssec;
filter-aaaa-on-v6 break-dnssec;


BIND loaded but the filtering didn't work.

Here's the top of restart section:

Code: Select all

May  8 10:35:24 Mail named[12234]: starting BIND 9.11.5-P4-5.1+deb10u7-Debian (Extended Support Version) <id:998753c>
May  8 10:35:24 Mail named[12234]: running on Linux x86_64 4.19.0-20-amd64 #1 SMP Debian 4.19.235-1 (2022-03-17)
May  8 10:35:24 Mail named[12234]: built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--disable-isc-spnego' '--with-libidn2' '--with-libjson=/usr' '--with-lmdb=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/softhsm/libsofthsm2.so' '--with-randomdev=/dev/urandom' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-PHgl7y/bind9-9.11.5.P4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
May  8 10:35:24 Mail named[12234]: running as: named -u bind
May  8 10:35:24 Mail named[12234]: compiled by GCC 8.3.0
May  8 10:35:24 Mail named[12234]: compiled with OpenSSL version: OpenSSL 1.1.1d  10 Sep 2019
May  8 10:35:24 Mail named[12234]: linked to OpenSSL version: OpenSSL 1.1.1n  15 Mar 2022
May  8 10:35:24 Mail named[12234]: compiled with libxml2 version: 2.9.4
May  8 10:35:24 Mail named[12234]: linked to libxml2 version: 20904
May  8 10:35:24 Mail named[12234]: compiled with libjson-c version: 0.12.1
May  8 10:35:24 Mail named[12234]: linked to libjson-c version: 0.12.1
May  8 10:35:24 Mail named[12234]: threads support is enabled
May  8 10:35:24 Mail named[12234]: ----------------------------------------------------
May  8 10:35:24 Mail named[12234]: BIND 9 is maintained by Internet Systems Consortium,
May  8 10:35:24 Mail named[12234]: Inc. (ISC), a non-profit 501(c)(3) public-benefit 
May  8 10:35:24 Mail named[12234]: corporation.  Support and training for BIND 9 are 
May  8 10:35:24 Mail named[12234]: available at https://www.isc.org/support
May  8 10:35:24 Mail named[12234]: ----------------------------------------------------
May  8 10:35:24 Mail named[12234]: adjusted limit on open files from 524288 to 1048576
May  8 10:35:24 Mail named[12234]: found 1 CPU, using 1 worker thread
May  8 10:35:24 Mail named[12234]: using 1 UDP listener per interface
May  8 10:35:24 Mail named[12234]: using up to 4096 sockets
May  8 10:35:24 Mail named[12234]: loading configuration from '/etc/bind/named.conf'
May  8 10:35:24 Mail named[12234]: reading built-in trust anchors from file '/etc/bind/bind.keys'
May  8 10:35:24 Mail named[12234]: initializing GeoIP Country (IPv4) (type 1) DB
May  8 10:35:24 Mail named[12234]: GEO-106FREE 20181108 Build
May  8 10:35:24 Mail named[12234]: initializing GeoIP Country (IPv6) (type 12) DB
May  8 10:35:24 Mail named[12234]: GEO-106FREE 20181108 Build
May  8 10:35:24 Mail named[12234]: GeoIP City (IPv4) (type 2) DB not available
May  8 10:35:24 Mail named[12234]: GeoIP City (IPv4) (type 6) DB not available
May  8 10:35:24 Mail named[12234]: GeoIP City (IPv6) (type 30) DB not available
May  8 10:35:24 Mail named[12234]: GeoIP City (IPv6) (type 31) DB not available
May  8 10:35:24 Mail named[12234]: GeoIP Region (type 3) DB not available
May  8 10:35:24 Mail named[12234]: GeoIP Region (type 7) DB not available
May  8 10:35:24 Mail named[12234]: GeoIP ISP (type 4) DB not available
May  8 10:35:24 Mail named[12234]: GeoIP Org (type 5) DB not available
May  8 10:35:24 Mail named[12234]: GeoIP AS (type 9) DB not available
May  8 10:35:24 Mail named[12234]: GeoIP Domain (type 11) DB not available
May  8 10:35:24 Mail named[12234]: GeoIP NetSpeed (type 10) DB not available
May  8 10:35:24 Mail named[12234]: using default UDP/IPv4 port range: [32768, 60999]
May  8 10:35:24 Mail named[12234]: using default UDP/IPv6 port range: [32768, 60999]
May  8 10:35:24 Mail named[12234]: listening on IPv6 interfaces, port 53
May  8 10:35:24 Mail named[12234]: listening on IPv4 interface lo, 127.0.0.1#53
May  8 10:35:24 Mail named[12234]: listening on IPv4 interface enp0s8, 192.168.1.74#53
May  8 10:35:24 Mail named[12234]: generating session key for dynamic DNS
May  8 10:35:24 Mail named[12234]: sizing zone task pool based on 7 zones
May  8 10:35:24 Mail named[12234]: none:106: 'max-cache-size 90%' - setting to 5367MB (out of 5964MB)
May  8 10:35:24 Mail named[12234]: obtaining root key for view _default from '/etc/bind/bind.keys'
May  8 10:35:24 Mail named[12234]: set up managed keys zone for view _default, file 'managed-keys.bind'
It loads the standard stuff and then...

Code: Select all

May  8 10:35:24 Mail named[12234]: all zones loaded
May  8 10:35:24 Mail named[12234]: running
May  8 10:35:24 Mail named[12234]: network unreachable resolving './DNSKEY/IN': 2001:dc3::35#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './NS/IN': 2001:dc3::35#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './DNSKEY/IN': 2001:500:200::b#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './NS/IN': 2001:500:200::b#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './DNSKEY/IN': 2001:500:9f::42#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './NS/IN': 2001:500:9f::42#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './NS/IN': 2001:7fe::53#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './NS/IN': 2001:7fd::1#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './NS/IN': 2001:500:2f::f#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './DNSKEY/IN': 2001:503:c27::2:30#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './DNSKEY/IN': 2001:500:2d::d#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './NS/IN': 2001:500:2d::d#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './DNSKEY/IN': 2001:500:1::53#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './NS/IN': 2001:500:1::53#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './DNSKEY/IN': 2001:500:12::d0d#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './NS/IN': 2001:500:12::d0d#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './NS/IN': 2001:500:a8::e#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
May  8 10:35:24 Mail named[12234]: network unreachable resolving './NS/IN': 2001:500:2::c#53
May  8 10:35:25 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:500:1::53#53
May  8 10:35:25 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:500:9f::42#53
May  8 10:35:25 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:503:c27::2:30#53
May  8 10:35:25 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:7fe::53#53
May  8 10:35:25 Mail named[12234]: network unreachable resolving './DNSKEY/IN': 2001:500:1::53#53
May  8 10:35:25 Mail named[12234]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:503:a83e::2:30#53
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:503:231d::2:30#53
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:503:eea3::30#53
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:501:b1f9::30#53
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:503:83eb::30#53
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:502:8cc::30#53
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:500:d937::30#53
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:503:d414::30#53
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:502:7094::30#53
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:503:d2d::30#53
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:502:1ca1::30#53
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:500:856e::30#53
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:503:39c1::30#53
May  8 10:35:26 Mail named[12234]: resolver priming query complete
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:4860:4802:36::a#53
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:4860:4802:32::a#53
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:4860:4802:34::a#53
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'www.google.com/A/IN': 2001:4860:4802:38::a#53
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'google.com/DS/IN': 2001:503:eea3::30#53
May  8 10:35:26 Mail named[12234]: network unreachable resolving 'google.com/DS/IN': 2001:500:d937::30#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'nexus.officeapps.live.com/A/IN': 2603:1061:0:10::22#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns7-34.azure-dns.org/AAAA/IN': 2001:500:40::1#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns7-34.azure-dns.org/AAAA/IN': 2001:500:e::1#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns7-34.azure-dns.org/AAAA/IN': 2001:500:f::1#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns7-34.azure-dns.org/AAAA/IN': 2001:500:b::1#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns8-34.azure-dns.info/A/IN': 2001:500:19::1#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns8-34.azure-dns.info/A/IN': 2001:500:49::1#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns7-34.azure-dns.org/A/IN': 2001:500:b::1#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns7-34.azure-dns.org/AAAA/IN': 2001:500:c::1#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns7-34.azure-dns.org/A/IN': 2001:500:c::1#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns8-34.azure-dns.info/A/IN': 2001:500:1c::1#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns8-34.azure-dns.info/A/IN': 2001:500:1a::1#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns7-34.azure-dns.org/AAAA/IN': 2001:500:48::1#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns7-34.azure-dns.org/A/IN': 2001:500:48::1#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns8-34.azure-dns.info/AAAA/IN': 2001:500:1a::1#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns8-34.azure-dns.info/A/IN': 2001:500:1b::1#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns8-34.azure-dns.info/AAAA/IN': 2001:500:1b::1#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns8-34.azure-dns.info/A/IN': 2001:500:41::1#53
May  8 10:36:03 Mail named[12234]: network unreachable resolving 'ns8-34.azure-dns.info/AAAA/IN': 2001:500:41::1#53
May  8 10:36:04 Mail named[12234]: network unreachable resolving 'ns7-34.azure-dns.org/AAAA/IN': 2a01:111:4000::3#53
May  8 10:36:04 Mail named[12234]: network unreachable resolving 'ns7-34.azure-dns.org/AAAA/IN': 2a01:111:4000::1#53
May  8 10:36:04 Mail named[12234]: network unreachable resolving 'ns7-34.azure-dns.org/AAAA/IN': 2a01:111:4000::4#53
May  8 10:36:04 Mail named[12234]: network unreachable resolving 'ns7-34.azure-dns.org/AAAA/IN': 2a01:111:4000::2#53
May  8 10:36:04 Mail named[12234]: network unreachable resolving 'ns2-34.azure-dns.net/AAAA/IN': 2620:1ec:8ec::2#53
May  8 10:36:04 Mail named[12234]: network unreachable resolving 'ns2-34.azure-dns.net/AAAA/IN': 2620:1ec:8ec::3#53
May  8 10:36:04 Mail named[12234]: network unreachable resolving 'ns2-34.azure-dns.net/AAAA/IN': 2620:1ec:8ec::4#53
May  8 10:36:04 Mail named[12234]: network unreachable resolving 'ns2-34.azure-dns.net/AAAA/IN': 2620:1ec:8ec::1#53
May  8 10:36:04 Mail named[12234]: network unreachable resolving 'ns2-34.azure-dns.net/A/IN': 2620:1ec:8ec::4#53
May  8 10:36:04 Mail named[12234]: network unreachable resolving 'ns2-34.azure-dns.net/A/IN': 2620:1ec:8ec::3#53
May  8 10:36:04 Mail named[12234]: network unreachable resolving 'ns8-34.azure-dns.info/AAAA/IN': 2620:1ec:bda::2#53
May  8 10:36:04 Mail named[12234]: network unreachable resolving 'ns8-34.azure-dns.info/AAAA/IN': 2620:1ec:bda::1#53
May  8 10:36:04 Mail named[12234]: network unreachable resolving 'ns8-34.azure-dns.info/AAAA/IN': 2620:1ec:bda::4#53
May  8 10:36:04 Mail named[12234]: network unreachable resolving 'ns8-34.azure-dns.info/AAAA/IN': 2620:1ec:bda::3#53
May  8 10:36:04 Mail named[12234]: network unreachable resolving 'ns8-34.azure-dns.info/A/IN': 2620:1ec:bda::2#53
May  8 10:36:04 Mail named[12234]: network unreachable resolving 'a5-130.akagtm.org/A/IN': 2001:500:c::1#53
May  8 10:36:04 Mail named[12234]: network unreachable resolving 'a5-130.akagtm.org/AAAA/IN': 2001:500:c::1#53
May  8 10:36:11 Mail named[12234]: network unreachable resolving 'star.c10r.facebook.com/A/IN': 2a03:2880:f0fc:c:face:b00c:0:35#53
May  8 10:36:11 Mail named[12234]: network unreachable resolving 'star.c10r.facebook.com/A/IN': 2a03:2880:f0fd:c:face:b00c:0:35#53
May  8 10:36:11 Mail named[12234]: network unreachable resolving 'star.c10r.facebook.com/A/IN': 2a03:2880:f1fd:c:face:b00c:0:35#53
May  8 10:36:11 Mail named[12234]: network unreachable resolving 'star.c10r.facebook.com/A/IN': 2a03:2880:f1fc:c:face:b00c:0:35#53
May  8 10:36:11 Mail named[12234]: network unreachable resolving 'star.c10r.facebook.com/A/IN': 2a03:2880:f1fc:b:face:b00c:0:99#53
May  8 10:36:11 Mail named[12234]: network unreachable resolving 'star.c10r.facebook.com/A/IN': 2a03:2880:f0fd:b:face:b00c:0:99#53
May  8 10:36:11 Mail named[12234]: network unreachable resolving 'star.c10r.facebook.com/A/IN': 2a03:2880:f1fd:b:face:b00c:0:99#53
May  8 10:36:11 Mail named[12234]: network unreachable resolving 'star.c10r.facebook.com/A/IN': 2a03:2880:f0fc:b:face:b00c:0:99#53
May  8 10:36:40 Mail named[12234]: network unreachable resolving 'verywellaged.com/A/IN': 2001:503:231d::2:30#53
And on and on...

Debian 11 is giving me:

Code: Select all

May  8 14:20:06 Server named[11287]: /etc/bind/named.conf.options:23: option 'filter-aaaa-on-v4' is obsolete and should be removed
May  8 14:20:06 Server named[11287]: /etc/bind/named.conf.options:23: option 'filter-aaaa-on-v6' is obsolete and should be removed
and then BIND9 fails. (I had to remove the lines.) And then the flood of IPv6 "network unreachable resolving" starts once BIND runs.

dave22
Posts: 3
Joined: 2013-01-30 19:29

Re: BIND9 IPv6 problem

#4 Post by dave22 »

Don't know if this applies, but you might want to do `dpkg -S filter-aaaa.so` or a 'find' on the bind plugin's name: "filter-aaaa.so"

I found that my bind9 package [1:9.16.27-1~deb11u1] had dropped it into my /usr/lib/aarch64-linux-gnu/named/filter-aaaa.so

Adding the appropriate stanza into named.conf gave me what I wanted: screening the AAAA query responses.
Note that if you are using 'view' statements, all plugins must be defined in the view definition

Code: Select all

plugin query "/_PATH_TO_/filter-aaaa.so" {
  filter-aaaa-on-v4 yes;
  filter-aaaa-on-v6 yes;
};

Post Reply