bind

1. named error (network unreachable) resolving

2012-07-03

If you are seeing a lot of "network unreachable" errors, such as the one in the log snippet below,


Jul  3 14:29:33 turtle named[1646]: error (network unreachable) resolving 'magicmonster.co.uk/AAAA/IN': 2001:41d0:1:4a8c::1#53

then it may be because the host has no working IPv6 connectivity, so named cannot reach the IPv6 name server address shown at the end of the line.

To disable IPv6 (and rely on IPv4 only) on Ubuntu, edit the file /etc/default/bind9 and add the "-4" switch to OPTIONS. My config file now looks like:


# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-4 -u bind"
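Before reaching for the -4 switch it is worth checking that the failures really are all IPv6. The script below is an added example, not part of the original notes: it reads named log lines in the format quoted above, counts "network unreachable" errors by whether the unreachable next-hop server was an IPv6 or an IPv4 address, and says whether -4 would actually make them go away. The log lines it contains are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original notes: summarise the "network
# unreachable" errors in a named log before reaching for the -4 switch.
# If every failing next hop is an IPv6 address, -4 is the right fix; if IPv4
# next hops fail too, the host has a wider connectivity problem that -4 hides.
# The log lines below are constructed in the format of the one quoted above.

sample_log() {
cat <<'EOF'
Jul  3 14:29:33 turtle named[1646]: error (network unreachable) resolving 'magicmonster.co.uk/AAAA/IN': 2001:41d0:1:4a8c::1#53
Jul  3 14:29:34 turtle named[1646]: error (network unreachable) resolving 'example.net/A/IN': 2001:db8::53#53
Jul  3 14:29:35 turtle named[1646]: error (network unreachable) resolving 'example.org/MX/IN': 192.0.2.10#53
Jul  3 14:29:36 turtle named[1646]: client 192.0.2.7#4242: query: example.com IN A + (192.0.2.1)
EOF
}

# Read log lines on stdin and print "ipv6=<n> ipv4=<n>": the number of
# "network unreachable" errors whose next-hop server was IPv6 vs IPv4.
# Note the second sample line: an A lookup can still fail over IPv6, because
# what matters is the address of the server being asked, not the record type.
unreachable_summary() {
    awk '
        /error \(network unreachable\) resolving/ {
            addr = $NF                 # "<server-address>#<port>"
            sub(/#[0-9]+$/, "", addr)  # drop the port
            if (index(addr, ":") > 0) v6++; else v4++
        }
        END { printf "ipv6=%d ipv4=%d\n", v6 + 0, v4 + 0 }'
}

# Exit 0 only when there are unreachable errors and all of them are IPv6,
# i.e. when starting named with -4 would make them go away.
only_ipv6_unreachable() {
    _summary=$(unreachable_summary)
    case "$_summary" in
        'ipv6=0 '*) return 1 ;;   # nothing IPv6-related to explain
        *' ipv4=0') return 0 ;;   # every failure was an IPv6 next hop
        *)          return 1 ;;   # IPv4 fails too: look at routing, not -4
    esac
}

# Usage: pipe /var/log/syslog (or the constructed sample) through the helpers.
sample_log | unreachable_summary
if sample_log | only_ipv6_unreachable; then
    echo "all failures are IPv6: OPTIONS=\"-4 -u bind\" is an appropriate fix"
else
    echo "IPv4 next hops fail too: check routing/firewall before blaming IPv6"
fi
```

On a real box replace sample_log with `grep 'network unreachable' /var/log/syslog`; the summary is what tells you whether -4 is a fix or just a way of hiding a broken route.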

2. blackhole domains

2012-07-03

You can block certain servers by having your DNS server answer for their domains with a deliberately wrong IP. This is useful for unwanted domains such as ad servers.

Below are the contents of /etc/bind/blackhole.zone:


$TTL 1W
@               IN SOA blackhole. blackhole. (
                                1              ; serial
                                2D              ; refresh
                                4H              ; retry
                                6W              ; expiry
                                1W )            ; minimum

                IN NS           blackhole.
                   A            127.0.0.1
*               IN A            127.0.0.1

The * is a wildcard that matches any subdomain. Every name in the zone, including the zone apex, now resolves to 127.0.0.1.

I'm not sure why I needed to specify "blackhole." twice, but it wasn't parsing the 2D (2 day) period without it.

To map a domain onto this zone, add the following to the local bind config (named.conf.local), repeating it for each domain you want blocked:


zone "example.com" {
  type master;
  file "/etc/bind/blackhole.zone";
  notify false;
};
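With a long block list you do not want to type one stanza per domain, and you do not want a stray line from a downloaded list ending up inside named.conf. The script below is an added example, not part of the original notes: it reads one domain per line, accepts only plausible DNS names, and prints a zone stanza for each that points at the blackhole.zone file above. The domain names in the usage at the bottom are constructed.

```shell
#!/bin/sh
# Added example, not part of the original notes: generate one named.conf zone
# stanza per domain to blackhole, all sharing the blackhole.zone file above.
# Only plausible DNS names are accepted, so a malformed line in a downloaded
# block list cannot inject configuration into named.conf. The domain names in
# the usage at the bottom are constructed.

BLACKHOLE_FILE=/etc/bind/blackhole.zone

# Succeed only for names made of letters, digits, hyphens and dots, with no
# leading, trailing or doubled dot.
valid_domain() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;
    esac
    return 0
}

# Read one domain per line on stdin (blank lines and '#' comments ignored) and
# print a master zone stanza for each; rejected names go to stderr.
blackhole_conf() {
    while IFS= read -r domain; do
        case "$domain" in ''|'#'*) continue ;; esac
        if ! valid_domain "$domain"; then
            printf 'skipping invalid name: %s\n' "$domain" >&2
            continue
        fi
        printf 'zone "%s" {\n  type master;\n  file "%s";\n  notify no;\n};\n' \
            "$domain" "$BLACKHOLE_FILE"
    done
}

# Usage: feed a block list; redirect stdout into named.conf.local when happy.
printf '%s\n' '# constructed ad-server list' ads.example tracker.example.net 'bad name' \
    | blackhole_conf
```

The validation is deliberately strict: anything containing quotes, braces or semicolons is rejected outright, because those are exactly the characters that would let a bad list entry close the stanza early and add directives of its own.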

3. Reverse IP

This maps an IP address back to a host name (a PTR record in a reverse zone).

Firstly, identify the 4 octets of your IP. In this example we'll use the IP 11.22.33.44 and the host name "reverse.example.com". The 4 octets are 11, 22, 33 and 44.

Create a file called "/etc/bind/db.11.22.33" with the contents below:


;
; BIND reverse file for server
;
$TTL    604800
@       IN      SOA     ns.example.com. example.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.example.com.         ; same name server as in the SOA, not a bare "ns."
44      IN      PTR     reverse.example.com.    ; last octet of 11.22.33.44 -> the host name chosen above

Next, edit "/etc/bind/named.conf.local" (this file exists in the Ubuntu distribution) and append the following:


zone "33.22.11.in-addr.arpa" {
  type master;
  notify no;
  file "/etc/bind/db.11.22.33";
};

Restart bind so that it loads the new zone.
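Getting the octet order of the in-addr.arpa name wrong is the usual mistake when doing this by hand. The script below is an added example, not part of the original notes: it validates an IPv4 address, derives the reverse zone name and the PTR label, and prints the zone file and named.conf stanza that the steps above write manually. The address 11.22.33.44, the name reverse.example.com and the file /etc/bind/db.11.22.33 are the notes' own; ns.example.com. as the NS target and hostmaster.example.com. as the SOA contact are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original notes: derive the in-addr.arpa zone
# and PTR label from an IPv4 address, then print the reverse zone file and the
# named.conf stanza that the steps above write by hand. 11.22.33.44,
# reverse.example.com and /etc/bind/db.11.22.33 are from the notes;
# ns.example.com. and hostmaster.example.com. are assumptions.

# Succeed only for a dotted quad whose four octets are all in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # digits and dots only, no empty octet
        *.*.*.*.*) return 1 ;;              # more than four octets
        *.*.*.*) ;;                         # exactly four: carry on
        *) return 1 ;;
    esac
    _a=${1%%.*}; _r=${1#*.}
    _b=${_r%%.*}; _r=${_r#*.}
    _c=${_r%%.*}; _d=${_r#*.}
    for _o in "$_a" "$_b" "$_c" "$_d"; do
        case "$_o" in ????*) return 1 ;; esac   # longer than three digits
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# Print the in-addr.arpa zone of the /24 containing the address,
# e.g. 11.22.33.44 -> 33.22.11.in-addr.arpa (first three octets, reversed).
reverse_zone() {
    valid_ipv4 "$1" || { printf 'not an IPv4 address: %s\n' "$1" >&2; return 1; }
    _a=${1%%.*}; _r=${1#*.}
    _b=${_r%%.*}; _r=${_r#*.}
    _c=${_r%%.*}
    printf '%s.%s.%s.in-addr.arpa\n' "$_c" "$_b" "$_a"
}

# Print the PTR owner label inside that zone, i.e. the last octet.
ptr_label() {
    valid_ipv4 "$1" || return 1
    printf '%s\n' "${1##*.}"
}

# Print the reverse zone file for address $1 pointing at host name $2.
reverse_zone_file() {
    _label=$(ptr_label "$1") || return 1
    cat <<EOF
;
; BIND reverse file for $1
;
\$TTL    604800
@       IN      SOA     ns.example.com. hostmaster.example.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.example.com.
$_label    IN    PTR    $2.
EOF
}

# Print the named.conf.local stanza, using the notes' db.<first three octets> naming.
reverse_zone_conf() {
    _zone=$(reverse_zone "$1") || return 1
    _net=${1%.*}    # 11.22.33.44 -> 11.22.33
    printf 'zone "%s" {\n  type master;\n  notify no;\n  file "/etc/bind/db.%s";\n};\n' \
        "$_zone" "$_net"
}

# Usage: redirect the first into /etc/bind/db.11.22.33, append the second to named.conf.local.
reverse_zone_file 11.22.33.44 reverse.example.com
reverse_zone_conf 11.22.33.44
```

The validation matters more than it looks: a typo such as 11.22.333.44 or a trailing dot is rejected before it can become a zone name that never matches any query.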

4. Zone transfers

To enable a secondary name server not hosted by you, you have to allow zone transfers from your primary. To check whether transfers are allowed, run

dig axfr example.com @ns.primary.example.com

where example.com is your domain, and ns.primary.example.com is your primary name server.
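The same dig command succeeding from any host on the Internet means anyone can pull a full copy of your zone, so the allow-transfer list should name only the secondary. The script below is an added example, not part of the original notes: zone_with_transfer prints a master zone stanza whose allow-transfer is limited to the addresses you pass and refuses to print one with no secondary at all, and axfr_succeeded reads the output of the dig command above and reports whether a transfer actually came back, which is the check to run from a host that is not on the list. example.com and ns.primary.example.com are from the notes; the secondary address 192.0.2.53, the db.example.com file name and the two sample dig outputs are constructed.

```shell
#!/bin/sh
# Added example, not part of the original notes. example.com and
# ns.primary.example.com are from the notes; 192.0.2.53, the db.<zone> file
# naming and the two sample dig outputs are constructed.

# Print a master zone stanza for zone $1 that allows transfers only to the
# addresses or prefixes given as the remaining arguments. With no secondary
# listed it refuses rather than emitting a zone anyone could transfer.
zone_with_transfer() {
    _zone=$1; shift
    [ $# -gt 0 ] || { printf 'refusing to emit %s: no secondary given\n' "$_zone" >&2; return 1; }
    _acl=""
    for _ip in "$@"; do
        # Only address characters: this also rejects "any" and anything that
        # could close the braces early and smuggle in further directives.
        case "$_ip" in
            ''|*[!0-9A-Fa-f.:/]*) printf 'bad address: %s\n' "$_ip" >&2; return 1 ;;
        esac
        _acl="$_acl $_ip;"
    done
    printf 'zone "%s" {\n  type master;\n  file "/etc/bind/db.%s";\n  allow-transfer {%s };\n  notify yes;\n};\n' \
        "$_zone" "$_zone" "$_acl"
}

# Read 'dig axfr' output on stdin; exit 0 if the server handed over the zone
# (dig then prints an XFR size summary), 1 if the transfer was refused or failed.
axfr_succeeded() {
    grep -q '^;; XFR size:'
}

# Constructed sample outputs for the two outcomes of
#   dig axfr example.com @ns.primary.example.com
sample_axfr_allowed() {
cat <<'EOF'
; <<>> DiG 9.8 <<>> axfr example.com @ns.primary.example.com
;; global options: +cmd
example.com.		86400	IN	SOA	ns.primary.example.com. hostmaster.example.com. 2012070301 7200 3600 1209600 86400
example.com.		86400	IN	NS	ns.primary.example.com.
example.com.		86400	IN	SOA	ns.primary.example.com. hostmaster.example.com. 2012070301 7200 3600 1209600 86400
;; Query time: 3 msec
;; SERVER: 192.0.2.1#53(192.0.2.1)
;; XFR size: 3 records (messages 1, bytes 140)
EOF
}

sample_axfr_refused() {
cat <<'EOF'
; <<>> DiG 9.8 <<>> axfr example.com @ns.primary.example.com
;; global options: +cmd
; Transfer failed.
EOF
}

# Usage: the stanza for named.conf.local, then the check as run from an
# address that is not 192.0.2.53 (here fed the constructed refused output).
zone_with_transfer example.com 192.0.2.53
if sample_axfr_refused | axfr_succeeded; then
    echo "transfer allowed from an unlisted host: tighten allow-transfer"
else
    echo "transfer refused: allow-transfer is doing its job"
fi
```

Run the dig command once from the secondary (it should succeed) and once from somewhere else (it should print "Transfer failed."); piping each run through axfr_succeeded gives you an exit status you can put in a cron job or monitoring check.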

5. Logging queries

To toggle query logging (into syslog) on, or off again, run

rndc querylog