Re: Help needed with possible DNS problems

Sat, 04 Oct 2014 13:56:07 -0700 


Am 04.10.2014 um 22:38 schrieb Yasir Assam:

Thanks Reindl.

I haven't investigated ipv6 properly, but looking at my Hosting
provider's wiki and a few of my config files, it seems ipv6 is available
(I have been assigned an ipv6 subnet). I have something like this:
http://wiki.hetzner.de/index.php/Netzkonfiguration_Debian/en#Dedicated_Servers_3


well, even if you need to configure the server also properly
or make sure your provider does - in dfoubt for now stay at
ipv4


I'd rather not turn ipv6 off, but I'll need to investigate further to
see why it isn't working (with bind9 at least).


until you are sure ipv6 works in all directions disable it
and as long you are about investigate to avoid troubles

in fact you need proper ipv6 configuration in DNS (including
SPF) and on the complete software stack - if that is not
100% sure you are better suited with ipv4 only


Thanks for the tip about unbound.


no problem
for "real" nameservers i use also bind everywhere for prouction setups as well as for private play around - but depending on the task there are often optimized tools 

* bind for authoritative servers
* unbound for cacheing only
* rbldnsd for DNSBL/DNSWL
* well, unbound combind with rbldnsd on the same machine
  since unbound can forward subdomains to 127.0.0.1:specialport
* dnsmasq on hosts with Apache Traffiserver to reach goals like
  point with the public DNS to the origin or "load-balancer" and
  feed the dnsmasq hosts-file automated instead be forced to
  deal with complete dns zones
with that 4 tools you can cover anything in context of DNS and just use the right tool on the dependeing server saves ressources and headache 


On 4/10/2014 7:13 PM, Reindl Harald wrote:

Am 04.10.2014 um 08:12 schrieb Yasir Assam:

I took the advice on
https://wiki.apache.org/spamassassin/CachingNameserver and set up a
caching name server.

spamd isn't reporting errors now, but named is:

if you don't have ipv6 i would disable it on the OS level
i have the following settings on a lot of machines for years
after add them to "sysctl.conf" ifconfig now longer should
show any ipv6 link local address

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.all.accept_source_route=0
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.default.accept_redirects=0
net.ipv6.conf.default.accept_source_route=0

BTW:
for a caching-only server i would recommend unbound
instead bind - less fatures but more power


Oct  4 15:23:10 buildoneforme spamd[27020]: spamd: connection from
localhost [127.0.0.1] at port 37690
Oct  4 15:23:10 buildoneforme spamd[27020]: spamd: using default config
for nobody: /var/spamassassin/user_prefs
Oct  4 15:23:10 buildoneforme spamd[27020]: spamd: checking message
<CAO+DrwNx2z=6cpghvtqwosq1tjphewd_j69lgax8seds0e9...@mail.gmail.com> for
nobody:1001
Oct  4 15:23:10 buildoneforme named[26974]: error (network unreachable)
resolving '181.217.85.209.zen.spamhaus.org/A/IN': 2001:500:48::1#53
Oct  4 15:23:10 buildoneforme named[26974]: error (network unreachable)
resolving '181.217.85.209.bl.spamcop.net/TXT/IN': 2600:1401:2::5a#53
Oct  4 15:23:10 buildoneforme named[26974]: error (network unreachable)
resolving 'a.auth-ns.sonic.net/A/IN': 2607:f0d0:1102:f::2#53
Oct  4 15:23:10 buildoneforme named[26974]: error (network unreachable)
resolving 'c.auth-ns.sonic.net/A/IN': 2607:f0d0:1102:f::2#53
Oct  4 15:23:10 buildoneforme named[26974]: error (network unreachable)
resolving 'b.auth-ns.sonic.net/A/IN': 2607:f0d0:1102:f::2#53
Oct  4 15:23:10 buildoneforme named[26974]: error (network unreachable)
resolving 'a.auth-ns.sonic.net/AAAA/IN': 2607:f0d0:1102:f::2#53
Oct  4 15:23:10 buildoneforme named[26974]: error (network unreachable)
resolving 'a.auth-ns.sonic.net/A/IN': 2001:5a8:0:3::1#53

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to