BIND IPv6


asusag
16th May 2011, 07:55 PM
All,

I'm trying to implement IPv6 on our current DNS servers and I've run into a snag. Running netstat, I can see the server is not listening on any IPv6 interfaces:
[root@copper etc]# netstat -lnptu |grep "named\W*$"
tcp 0 0 x.x.x.10:53 0.0.0.0:* LISTEN 26812/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 26812/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 26812/named
udp 0 0 x.x.x.10:53 0.0.0.0:* 26812/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 26812/named


Looking at my log, I see:
May 16 13:50:11 copper named[26667]: using default UDP/IPv4 port range: [1024, 65535]
May 16 13:50:11 copper named[26667]: using default UDP/IPv6 port range: [1024, 65535]
May 16 13:50:11 copper named[26667]: no IPv6 interfaces found


Here is what I have...

BIND 9.3.6

I have created no AAAA record zone files at this time, just trying to get it to listen at this point.

named.conf
options {
listen-on-v6 { any; };
listen-on { any; };
directory "/var/named";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
version "Unknown Version";
allow-query { "any"; };
allow-transfer { 64.184.1.6/32; 64.184.1.11/32; };
allow-recursion { 127.0.0.1/32; ::1/128; x.x.0.0/17; x.x.0.0/18; x.x.x.0/19; 2607:xxxx::/32; };

/etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=x.x.net


ifcfg-eth0
.
.
.
IPV6INIT=yes
IPV6ADDR=2607:xxxx:0:2::1:2/64
IPV6_DEFAULTGW=2607:xxxx:0:2::1
IPV6_AUTOCONF=no


Anyone run into this before? I've verified using ip addr that I do indeed have an IPv6 interface. I can ping it, I can even ping6 ipv6.google.com from the server. I just can't figure out why it's not listening on any IPv6 interfaces.

Thanks,
A

jpollard
16th May 2011, 09:18 PM
See if it is listening on "::1".

This is the IPv6 loopback. I use nslookup as in:

nslookup
> server ::1
Default server: ::1
Address: ::1#53
> google.com
Server: ::1
Address: ::1#53

Non-authoritative answer:
Name: google.com
Address: 74.125.93.103
Name: google.com
Address: 74.125.93.104
Name: google.com
Address: 74.125.93.105
Name: google.com
Address: 74.125.93.106
Name: google.com
Address: 74.125.93.147
Name: google.com
Address: 74.125.93.99
>


At a base level, it should respond to the "::1" server address on the server host.

After that, I think you have to start checking for firewall blocks.

asusag
16th May 2011, 09:25 PM
nslookup
> server ::1
Default server: ::1
Address: ::1#53
> google.com
;; connection timed out; no servers could be reached


Negative.


ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:1e:0b:5c:29:18 brd ff:ff:ff:ff:ff:ff
inet x.x.x.10/24 brd 64.184.1.255 scope global eth0
inet6 2607:xxxx:0:2::1:2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::21e:bff:fe5c:2918/64 scope link
valid_lft forever preferred_lft forever


From my perspective (which isn't always a very good perspective), it seems like IPv6 is working at layer 3. I turn off the ip6-tables and I get the same result with DNS, though.

asusag
17th May 2011, 03:50 PM
Solved.

Our Sys Admin had disabled IPv6 in /etc/sysconfig/named using


OPTIONS="-4"


Hashed out that line and restarted the daemon, and all is right with the world.
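
The checks this thread worked through, collected into one script as an added example that is not part of the original posts. The function names are hypothetical, /etc/named.conf is an assumed location for the named.conf shown above, and the demo input is constructed rather than captured.

```shell
# Added example: find why named has no IPv6 listeners. Paths are arguments,
# so it can be pointed at copies of the files.

# Effective OPTIONS value: last uncommented assignment, quotes stripped.
named_options() {
    sed -n 's/^[[:space:]]*OPTIONS=//p' "$1" 2>/dev/null | tail -n 1 | tr -d "\"'"
}

# Succeeds if the option string passes -4 (IPv4 only) as its own word.
has_ipv4_only_flag() {
    for word in $1; do
        if [ "$word" = "-4" ]; then return 0; fi
    done
    return 1
}

# Succeeds if named.conf has an uncommented listen-on-v6 other than { none; }.
conf_listens_v6() {
    grep -E '^[[:space:]]*listen-on-v6' "$1" 2>/dev/null | grep -qv 'none'
}

# Counts named sockets on IPv6 local addresses in `netstat -lnptu` output (stdin).
# An IPv6 local address such as :::53 contains more than one colon.
count_v6_listeners() {
    awk '$NF ~ /\/named$/ && $4 ~ /:.*:/ { n++ } END { print n + 0 }'
}

# Usage: netstat -lnptu | diagnose_named_v6 /etc/sysconfig/named /etc/named.conf
diagnose_named_v6() {
    listeners=$(count_v6_listeners)
    if [ "$listeners" -gt 0 ]; then
        echo "ok: $listeners IPv6 listener(s)"
    elif has_ipv4_only_flag "$(named_options "$1")"; then
        echo "cause: OPTIONS passes -4 (IPv4 only) to named"
    elif ! conf_listens_v6 "$2"; then
        echo "cause: no active listen-on-v6 statement"
    else
        echo "unknown: check kernel IPv6 support and the named log"
    fi
}

# Demo on constructed files mirroring the thread (not real captures).
demo_dir=$(mktemp -d)
printf '%s\n' 'OPTIONS="-4"' > "$demo_dir/named"
printf '%s\n' 'options {' 'listen-on-v6 { any; };' '};' > "$demo_dir/named.conf"
echo 'tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 26812/named' |
    diagnose_named_v6 "$demo_dir/named" "$demo_dir/named.conf"
rm -rf "$demo_dir"
```

The startup flag is tested before named.conf because, as the thread shows, `listen-on-v6 { any; };` had no effect while `-4` was passed to the daemon.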
