Hello;
I have two "DMZ" BIND/DNS servers running whose purpose is to allow lookups via
them from my otherwise incapable internal network.
I've recently upgraded only one of them from BIND 9.5.0-P2 to BIND 9.5.1-P1.
Both servers are running Sparc/Solaris 9.
Upon upgrading one to BIND 9.5.0-P2, which was in an effort to resolve failed
lookups for .gov sites, I found that the server was now attempting to resolve
using IPv6 style addresses. I am not able to find any such attempts in the
past at all from either server (See messages from BIND 9.5.1-P1 server below).
I've installed a newer db.root file by running dig then saving the output to
db.root. The newer file contained IPv6 style entries, which I've manually
removed (about the same time attempts ceased)
I've also tried to force any attempts at using IPv6 and what appear to be
issues resolving .gov domains in my named.conf like this:
options {
edns-udp-size 512;
max-udp-size 512;
listen-on-v6 { none; };
};
logging {
category lame-servers {null;};
category edns-disabled {null;};
};
The issues that I was seeing with .gov sites resulted in this type of error in
my logfile:
Jan 22 11:24:56 NS1 named[7678]: [ID 873579 daemon.info] too many timeouts
resolving 'www.fdic.gov/A' (in 'www.fdic.gov'?): disabling EDNS
Any help would be greatly appreciated, am I missing something obvious, or
perhaps I need to add something else into my configs?
Thank you,
.vp
Jan 22 16:05:08 NS1 named[7678]: [ID 873579 daemon.info] network unreachable
resolving 'ADNS1.BERKELEY.EDU/AAAA/IN':2001:500:2f::f#53
Jan 22 16:05:08 NS1 named[7678]: [ID 873579 daemon.info] network unreachable
resolving 'ADNS2.BERKELEY.EDU/A/IN': 2001:500:2f::f#53
Jan 22 16:05:08 NS1 named[7678]: [ID 873579 daemon.info] network unreachable
resolving 'indom80.indomco.hk/A/IN': 2001:dc0:1:0:4777::140#53
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
