×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

IPV6 related issue on bind 9.16.1 on Ubuntu 20.04

IPV6 related issue on bind 9.16.1 on Ubuntu 20.04

IPV6 related issue on bind 9.16.1 on Ubuntu 20.04

(OP)
I'm running a recursive bind 9.16.1 on my Ubuntu 20.04. It's just an internal LAN server, so not serving as an authoritative server for any domains. It's not using any forwarders and it's running dnssec.

When forced to run only over ipv4 with the -4 command line switch, everything works fine.

However, if I allow it to use ipv6 for queries, my logs are literally flooded with errors such as the following, at a very high rate of many per second.

CODE -->

08-Feb-2021 20:02:26.405 query-errors: client @0x7f0350013dd0 127.0.0.1#42665 (incoming.telemetry.mozilla.org): query failed (SERVFAIL) for incoming.telemetry.mozilla.org/IN/A at query.c:6883 

I've checked the obvious: ipv6 is functional and the machine can reach the public ipv6 internet. Port 53 is not filtered.

I'm somewhat perplexed by this behaviour. Is there anything obvious I should be looking at to track down the cause of this failure?

CODE -->

root@ubuntu:~# nmap -6 -sU -p53 2001:4860:4860::8888
Starting Nmap 7.80 ( https://nmap.org ) at 2021-02-08 20:06 GMT
Nmap scan report for dns.google (2001:4860:4860::8888)
Host is up (0.023s latency).

PORT   STATE SERVICE
53/udp open  domain

Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds 

CODE

root@ubuntu:~# nslookup
> a.root-servers.net
Server:		127.0.0.1
Address:	127.0.0.1#53

Non-authoritative answer:
Name:	a.root-servers.net
Address: 198.41.0.4
Name:	a.root-servers.net
Address: 2001:503:ba3e::2:30
> 
> server 2001:503:ba3e::2:30
Default server: 2001:503:ba3e::2:30
Address: 2001:503:ba3e::2:30#53
> b.root-servers.net
Server:		2001:503:ba3e::2:30
Address:	2001:503:ba3e::2:30#53

Non-authoritative answer:
Name:	b.root-servers.net
Address: 199.9.14.201
Name:	b.root-servers.net
Address: 2001:500:200::b
> 

RE: IPV6 related issue on bind 9.16.1 on Ubuntu 20.04

(OP)
The answer is that there was an IPv6 firewall rule redirecting DNS queries to a local server that wasn't excluding the internal server's queries...

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close