Hello;

I have two "DMZ" BIND/DNS servers running whose purpose is to allow lookups via 
them from my otherwise incapable internal network.

I've recently upgraded only one of them from BIND 9.5.0-P2 to BIND 9.5.1-P1. 
Both servers are running Sparc/Solaris 9.

Upon upgrading one to BIND 9.5.0-P2, which was in an effort to resolve failed 
lookups for .gov sites, I found that the server was now attempting to resolve 
using IPv6 style addresses.  I am not able to find any such attempts in the 
past at all from either server (See messages from BIND 9.5.1-P1 server below).

I've installed a newer db.root file by running dig then saving the output to 
db.root.  The newer file contained IPv6 style entries, which I've manually 
removed (about the same time attempts ceased)

I've also tried to force any attempts at using IPv6 and what appear to be 
issues resolving .gov domains in my named.conf like this:

options {
        edns-udp-size 512;
        max-udp-size  512;
        listen-on-v6 { none; };
};

logging {
        category lame-servers {null;};
        category edns-disabled {null;};
        };


The issues that I was seeing with .gov sites resulted in this type of error in 
my logfile:

Jan 22 11:24:56 NS1 named[7678]: [ID 873579 daemon.info] too many timeouts 
resolving 'www.fdic.gov/A' (in 'www.fdic.gov'?): disabling EDNS


Any help would be greatly appreciated, am I missing something obvious, or 
perhaps I need to add something else into my configs?


Thank you,


.vp


Jan 22 16:05:08 NS1 named[7678]: [ID 873579 daemon.info] network unreachable 
resolving 'ADNS1.BERKELEY.EDU/AAAA/IN':2001:500:2f::f#53

Jan 22 16:05:08 NS1 named[7678]: [ID 873579 daemon.info] network unreachable 
resolving 'ADNS2.BERKELEY.EDU/A/IN': 2001:500:2f::f#53

Jan 22 16:05:08 NS1 named[7678]: [ID 873579 daemon.info] network unreachable 
resolving 'indom80.indomco.hk/A/IN': 2001:dc0:1:0:4777::140#53


_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to