The Internet roots publish both A (IPv4) and AAAA (IPv6) address records.
The log noise you show is what happens when you enable IPv6 but don't have the
necessary routing in place to the IPv6 Internet, either natively or through
some sort of tunnel mechanism.
You could certainly turn IPv6 *off*, at the OS or the BIND level, but that's a
return to the past. Maybe this is a good reminder to think about your long-term
IPv6 strategy.
- Kevin
-----Original Message-----
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of David Li
Sent: Monday, February 22, 2016 6:48 PM
To: BIND Users
Subject: Re: A Zone Transfer Question
Barry and others:
Thanks for the help!
It's my bad that the slave zone's subnet range was missing from allow-query. I
also added the slave IP explicitly to the allow-transfer option. Now it's seems
to be working.
Another issue that I haven't quite figured out is the errors in the syslog. I
have no idea where these are coming from:
Feb 22 15:27:33 dli-centos7 named[2170]: error (network unreachable) resolving
'node2/A/IN': 2001:503:c27::2:30#53 Feb 22 15:27:33 dli-centos7 named[2170]:
error (network unreachable) resolving 'node2/A/IN': 2001:7fd::1#53 Feb 22
15:27:33 dli-centos7 named[2170]: error (network unreachable) resolving
'./NS/IN': 2001:500:1::803f:235#53 Feb 22 15:27:33 dli-centos7 named[2170]:
error (network unreachable) resolving './NS/IN': 2001:503:c27::2:30#53 Feb 22
15:27:33 dli-centos7 named[2170]: error (network unreachable) resolving
'./NS/IN': 2001:7fd::1#53 Feb 22 15:27:38 dli-centos7 named[2170]: error
(network unreachable) resolving 'node2/A/IN': 2001:dc3::35#53 Feb 22 15:27:38
dli-centos7 named[2170]: error (network unreachable) resolving 'node2/A/IN':
2001:7fe::53#53 Feb 22 15:27:38 dli-centos7 named[2170]: error (network
unreachable) resolving './NS/IN': 2001:dc3::35#53 Feb 22 15:27:38 dli-centos7
named[2170]: error (network unreachable) resolving './NS/
I don't have a zone file that have these records defined. Any idea?
David
> ------------------------------
>
> Message: 3
> Date: Fri, 19 Feb 2016 21:25:43 -0500
> From: Barry Margolin <bar...@alum.mit.edu>
> To: comp-protocols-dns-b...@isc.org
> Subject: Re: A Zone Transfer Question
> Message-ID: <barmar-b6877f.21254319022...@88-209-239-213.giganet.hu>
>
> In article <mailman.269.1455926963.73610.bind-us...@lists.isc.org>,
> David Li <dlipub...@gmail.com> wrote:
>
>> Hi John,
>>
>> Well, I was wrong about the log. I did find some info about why zone
>> transfer failed. On one server running zone rack1.com, I see:
>>
>> Feb 19 16:04:27 dli-centos7 named[13882]: client 10.4.3.101#20745
>> (rack1.com): query 'rack1.com/SOA/IN' denied Feb 19 16:04:27
>> dli-centos7 named[13882]: client 10.4.3.101#52612
>> (rack1.com): transfer of 'rack1.com/IN': IXFR ended
>>
>> Any idea why it's denied?
>
> VM1 has the option:
>
> allow-query {
> 10.4.1/24;
> 127.0.0.1;
> };
>
> 10.4.3.101 isn't in 10.4.1/24. The slave has to be allowed to query
> the master.
>
> --
> Barry Margolin
> Arlington, MA
>
>
> ------------------------------
>
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
