bind

Published: Tuesday, 3 July 2012

named error (network unreachable) resolving

If you are seeing a lot of “network unreachable” errors such as the one in the log snippet below,

Jul  3 14:29:33 turtle named[1646]: error (network unreachable) resolving 'magicmonster.co.uk/AAAA/IN': 2001:41d0:1:4a8c::1#53

then it may be because IPv6 is not yet supported on your host: named is trying to reach an authoritative server at an IPv6 address (the 2001:… server in the log line) that it has no route to.

To disable IPv6 (and rely on IPv4) on Ubuntu, edit the file /etc/default/bind9 and add the -4 switch to the OPTIONS line.

My config file now looks like:

# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-4 -u bind"
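Before switching to -4 it is worth confirming that the failures really are all against IPv6 servers, rather than a firewall or dead upstream on IPv4 that -4 would not cure. The following Python script is an added example, not part of the original post; it parses the "error (…) resolving" lines named writes to syslog and breaks them down by reason, address family of the unreachable server and record type. The log lines embedded in it are constructed (the first is the post's own line), and the field names are my own.

```python
import re
from collections import Counter
from ipaddress import ip_address

# The "error (...) resolving" message named writes to syslog, in the shape of
# the line quoted in the post.  Groups: reason, name, record type, class, and
# the upstream server address and port that could not be reached.
RESOLVE_ERROR = re.compile(
    r"named\[\d+\]: error \((?P<reason>[^)]+)\) resolving "
    r"'(?P<name>[^/]+)/(?P<rtype>[A-Z0-9]+)/(?P<rclass>[A-Z]+)': "
    r"(?P<server>[0-9a-fA-F:.]+)#(?P<port>\d+)"
)

def parse_resolve_errors(lines):
    """Yield one dict per matching line; lines with other messages are skipped."""
    for line in lines:
        m = RESOLVE_ERROR.search(line)
        if m:
            rec = m.groupdict()
            # 4 or 6: the address family named tried to use for the upstream server
            rec["family"] = ip_address(rec["server"]).version
            yield rec

def summarize(lines):
    """Count failures by (reason, address family of the upstream server, record type)."""
    counts = Counter()
    for rec in parse_resolve_errors(lines):
        counts[(rec["reason"], rec["family"], rec["rtype"])] += 1
    return counts

def only_ipv6_unreachable(counts):
    """True when every 'network unreachable' failure was against an IPv6 server.

    That is the pattern the post describes: the host has no IPv6 route, so the
    -4 switch is the right fix.  Unreachable IPv4 servers point at something
    else (firewall, dead upstream) that -4 will not cure.
    """
    unreachable = [key for key in counts if key[0] == "network unreachable"]
    return bool(unreachable) and all(key[1] == 6 for key in unreachable)

# Constructed sample log lines (the first is the post's own line).
SAMPLE_LOG = """\
Jul  3 14:29:33 turtle named[1646]: error (network unreachable) resolving 'magicmonster.co.uk/AAAA/IN': 2001:41d0:1:4a8c::1#53
Jul  3 14:29:33 turtle named[1646]: error (network unreachable) resolving 'magicmonster.co.uk/A/IN': 2001:41d0:1:4a8c::1#53
Jul  3 14:29:34 turtle named[1646]: error (network unreachable) resolving 'ns1.example.net/AAAA/IN': 2001:db8::53#53
Jul  3 14:29:35 turtle named[1646]: client 192.0.2.10#53211: query: example.org IN A + (192.0.2.1)
Jul  3 14:29:36 turtle named[1646]: error (connection refused) resolving 'example.org/A/IN': 192.0.2.99#53
""".splitlines()

if __name__ == "__main__":
    counts = summarize(SAMPLE_LOG)
    for (reason, family, rtype), n in sorted(counts.items()):
        print(f"{n:4d}  {reason:20s} IPv{family}  {rtype}")
    print("only IPv6 servers unreachable:", only_ipv6_unreachable(counts))
```

Note that the record type being looked up is not what matters: the second sample line is an A lookup that still failed because named chose the server's IPv6 address. It is the address family of the server that tells you whether -4 will help.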

blackhole domains

You can block certain servers by having your DNS server answer with a deliberately wrong IP for their names. This is useful for unwanted domains such as ad servers.

Below are the contents of /etc/bind/blackhole.zone:

$TTL 1W
; SOA: the primary name server (MNAME), then the responsible mailbox (RNAME);
; both fields are mandatory, which is why "blackhole." appears twice.
@               IN SOA  blackhole. blackhole. (
                                1               ; serial
                                2D              ; refresh
                                4H              ; retry
                                6W              ; expiry
                                1W )            ; minimum

                IN NS   blackhole.
                IN A    127.0.0.1       ; the zone apex itself
*               IN A    127.0.0.1       ; every name below the apex

The * is a wildcard that matches any subdomain, so every name in a zone that uses this file resolves to 127.0.0.1.

I’m not sure why I needed to specify “blackhole.” twice, but it wasn’t parsing the 2D (2 day) period without it.

To map a domain onto this zone, add the following to the local BIND config:

zone "example.com" {
  type master;
  file "/etc/bind/blackhole.zone";
  notify false;
};
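Blocklists of ad or tracker domains tend to be long and downloaded from elsewhere, so the stanzas are usually generated rather than typed. The following Python script is an added example, not part of the original post; it produces one stanza per domain in the post's format, skips duplicates (named refuses to load a config that defines the same zone twice) and rejects anything that is not a plain hostname before it can land inside the quoted zone name in named.conf. The list entries are constructed, and the function names are my own.

```python
import re

# Zone file shared by every blackholed domain (the post's /etc/bind/blackhole.zone).
ZONE_FILE = "/etc/bind/blackhole.zone"

# One hostname label: 1-63 chars of letters, digits or hyphen, no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def valid_zone_name(name):
    """Accept only well-formed, lower-case hostnames with at least two labels.

    The name is written inside a quoted string in named.conf, so anything that
    is not a plain hostname (quotes, semicolons, braces, whitespace, a trailing
    dot) is refused rather than copied into the config.
    """
    if not name or len(name) > 253 or name.endswith("."):
        return False
    labels = name.split(".")
    return len(labels) >= 2 and all(LABEL.match(label) for label in labels)

def zone_stanza(name, zone_file=ZONE_FILE):
    """Return the named.conf stanza that points one domain at the blackhole zone."""
    return (
        f'zone "{name}" {{\n'
        "  type master;\n"
        f'  file "{zone_file}";\n'
        "  notify no;\n"
        "};\n"
    )

def blackhole_config(domains, zone_file=ZONE_FILE):
    """Build the config for a list of domains; returns (config_text, rejected_entries)."""
    stanzas, rejected, seen = [], [], set()
    for raw in domains:
        name = raw.strip().lower()
        if not name or name.startswith("#"):
            continue                      # blank lines and comments in a list file
        if name in seen:
            continue                      # a duplicate zone would make named refuse to start
        if not valid_zone_name(name):
            rejected.append(raw)
            continue
        seen.add(name)
        stanzas.append(zone_stanza(name, zone_file))
    return "".join(stanzas), rejected

# Constructed blocklist: a comment, two good names, a duplicate and two bad entries.
SAMPLE_LIST = [
    "# ad servers",
    "ads.example.net",
    "Tracker.Example.org",
    "ads.example.net",
    'ads.example"; };',        # malformed entry that would break out of the quoted name
    "bad_host.example",        # underscore is not allowed by the hostname rule above
]

if __name__ == "__main__":
    config, rejected = blackhole_config(SAMPLE_LIST)
    print(config)
    for entry in rejected:
        print("rejected:", repr(entry))
```

The sinkhole address is whatever the shared zone file says; 127.0.0.1 sends blocked traffic to the client's own loopback, which is harmless unless the client runs a web server there, and 0.0.0.0 is a common alternative. After appending the generated stanzas to named.conf.local, `named-checkconf` will catch any remaining syntax problem before you reload.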

Reverse IP

This sets up a reverse zone so that an IP address resolves back to a host name (a PTR record).

First, identify the 4 octets of your IP. In this example we’ll use the IP 11.22.33.44 and the host name reverse.example.com; the 4 octets are 11, 22, 33 and 44.

Create a file called /etc/bind/db.11.22.33 with the contents below:

;
; BIND reverse file for 11.22.33.0/24
;
$TTL    604800
; SOA: primary name server, then the responsible mailbox (hostmaster@example.com)
@       IN      SOA     ns.example.com. hostmaster.example.com. (
                        2               ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
@       IN      NS      ns.example.com.
; 44 is the last octet of 11.22.33.44; the PTR target must be fully qualified (trailing dot)
44      IN      PTR     reverse.example.com.

Next, edit /etc/bind/named.conf.local (this file exists in the Ubuntu distribution) and append the following:

zone "33.22.11.in-addr.arpa" {
  type master;
  notify no;
  file "/etc/bind/db.11.22.33";
};

Restart BIND so it loads the new zone.
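The reversed-octet naming above is the part people get wrong, so here is the procedure carried through in code. This Python script is an added example, not part of the original post; it derives the in-addr.arpa zone name and PTR owner from an address, renders the zone file and the named.conf.local stanza, and refuses PTR targets that are not fully qualified (a missing trailing dot silently appends the zone name). It goes slightly beyond the post by handling /8 and /16 networks as well as the /24 shown; the function names and the hostmaster mailbox are my own assumptions.

```python
import ipaddress

def reverse_zone(ip, prefixlen=24):
    """Split an IPv4 address into (zone name, PTR owner) for in-addr.arpa.

    The network octets, reversed, name the zone; the remaining octets, also
    reversed, name the record.  For 11.22.33.44 with the post's /24 this is
    ('33.22.11.in-addr.arpa', '44').  prefixlen must be 8, 16 or 24 so that
    the split falls on an octet boundary; classless (/25 to /31) reverse
    delegations use a different scheme and are not handled here.
    """
    if prefixlen not in (8, 16, 24):
        raise ValueError("prefix length must be 8, 16 or 24")
    octets = str(ipaddress.IPv4Address(ip)).split(".")   # also validates the address
    n = prefixlen // 8
    zone = ".".join(reversed(octets[:n])) + ".in-addr.arpa"
    owner = ".".join(reversed(octets[n:]))
    return zone, owner

def zone_file_path(ip, prefixlen=24):
    """Path following the post's naming, e.g. /etc/bind/db.11.22.33 for a /24."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return "/etc/bind/db." + ".".join(octets[: prefixlen // 8])

def reverse_zone_file(ptrs, primary_ns, rname, serial, ttl=604800):
    """Render a reverse zone file.  ptrs maps owners ('44') to fully qualified names."""
    for fqdn in ptrs.values():
        if not fqdn.endswith("."):
            raise ValueError(f"{fqdn}: PTR target must end with a dot (fully qualified)")
    lines = [
        f"$TTL {ttl}",
        f"@ IN SOA {primary_ns} {rname} (",
        f"        {serial} ; Serial",
        "        604800 ; Refresh",
        "        86400 ; Retry",
        "        2419200 ; Expire",
        "        604800 ) ; Negative Cache TTL",
        f"@ IN NS {primary_ns}",
    ]
    # Sort owners numerically ('7' before '44') so the file reads in address order.
    for owner in sorted(ptrs, key=lambda o: tuple(int(x) for x in o.split("."))):
        lines.append(f"{owner} IN PTR {ptrs[owner]}")
    return "\n".join(lines) + "\n"

def named_conf_stanza(zone, path):
    """The named.conf.local stanza for the reverse zone, in the post's format."""
    return f'zone "{zone}" {{\n  type master;\n  notify no;\n  file "{path}";\n}};\n'

if __name__ == "__main__":
    # The post's example: 11.22.33.44 -> reverse.example.com
    zone, owner = reverse_zone("11.22.33.44")
    path = zone_file_path("11.22.33.44")
    print(f"# {path}")
    print(reverse_zone_file({owner: "reverse.example.com."},
                            "ns.example.com.", "hostmaster.example.com.", serial=2))
    print("# append to /etc/bind/named.conf.local")
    print(named_conf_stanza(zone, path))
```

Once the files are in place, `named-checkzone 33.22.11.in-addr.arpa /etc/bind/db.11.22.33` validates the zone before you restart, and `dig -x 11.22.33.44 @localhost` confirms the PTR answer afterwards.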

Zone transfers

To let a secondary name server that you do not host serve your zone, you have to allow zone transfers to it. To check whether transfers are allowed, run

dig axfr example.com @ns.primary.example.com

where example.com is your domain and ns.primary.example.com is your primary name server; a successful transfer prints every record in the zone.
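The flip side of that check is that a zone transfer hands out the complete zone, so it should be allowed only to the secondary's address, via allow-transfer in the zone stanza. The BIND 9 releases current when this post was written permit transfers to any host unless allow-transfer says otherwise, which is why the dig above succeeds from anywhere on an unconfigured primary. The following Python script is an added example, not part of the original post; it audits the zone stanzas in a named.conf text and classifies each one's transfer policy, showing an open stanza beside a restricted one. The config text is constructed, the regular expressions only cover hand-written stanzas of the kind shown in the post (not every named.conf construct), and the function names are my own.

```python
import re

# allow-transfer { a; b; };  ->  "a; b; "   (only simple, single-level ACL lists)
ALLOW_TRANSFER = re.compile(r"allow-transfer\s*\{\s*([^}]*)\}\s*;", re.IGNORECASE)
# zone "name" { ... };  with the closing "};" at the start of a line, as in the post
ZONE = re.compile(r'zone\s+"([^"]+)"\s*(?:IN\s+)?\{(.*?)\n\};', re.DOTALL)

def transfer_acl(stanza):
    """Return the ACL elements of allow-transfer in one stanza, or None if not set."""
    m = ALLOW_TRANSFER.search(stanza)
    if not m:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def classify_transfer(stanza):
    """Classify one zone stanza's transfer policy.

    'open'       : any host can pull the whole zone
    'restricted' : only the listed addresses/ACL names may transfer
    'closed'     : transfers disabled
    'default'    : no allow-transfer at all; older BIND 9 releases then allow any host
    """
    acl = transfer_acl(stanza)
    if acl is None:
        return "default"
    if any(e.lower() == "any" for e in acl):
        return "open"
    if acl == ["none"]:
        return "closed"
    return "restricted"

def audit(named_conf):
    """Map every zone name found in the config text to its transfer classification."""
    return {name: classify_transfer(body) for name, body in ZONE.findall(named_conf)}

# Constructed named.conf fragment: one open zone, one restricted to a secondary
# at 192.0.2.53 / 2001:db8::53, and one that relies on the default.
SAMPLE_NAMED_CONF = """\
zone "open.example" {
  type master;
  file "/etc/bind/db.open.example";
  allow-transfer { any; };
};
zone "example.com" {
  type master;
  file "/etc/bind/db.example.com";
  allow-transfer { 192.0.2.53; 2001:db8::53; };
  notify no;
};
zone "legacy.example" {
  type master;
  file "/etc/bind/db.legacy.example";
};
"""

if __name__ == "__main__":
    for name, policy in audit(SAMPLE_NAMED_CONF).items():
        print(f"{name:20s} {policy}")
```

A global `allow-transfer` in the options block applies to every zone that does not set its own, so a stanza reported as "default" may still be covered; the script deliberately reports per-zone settings only, so treat "default" and "open" as the ones to verify with the dig command above from an address that is not your secondary.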

Logging queries

To log queries to syslog, run

rndc querylog
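Query logging is mostly useful when something reads the log, for instance to see which clients keep asking for names you have blackholed. The following Python script is an added example, not part of the original post; it parses the "client … query: …" lines BIND 9 writes to syslog once querylog is on, reports the busiest clients, and counts per client the queries that fall under a given list of zones. The log lines are constructed in the format of BIND 9 of the post's era, and the function names are my own.

```python
import re
from collections import Counter

# BIND 9 query log line as written to syslog, e.g.
#   client 192.0.2.10#53211: query: www.example.com IN A + (192.0.2.1)
# Groups: client address and port, query name, class, type, flags, server address.
QUERY = re.compile(
    r"client (?P<client>[0-9a-fA-F:.]+)#(?P<port>\d+): query: "
    r"(?P<name>\S+) (?P<rclass>IN|CH|HS) (?P<rtype>[A-Z0-9]+) "
    r"(?P<flags>\S+) \((?P<server>[0-9a-fA-F:.]+)\)"
)

def parse_queries(lines):
    """Yield one dict per query line; other named messages are skipped."""
    for line in lines:
        m = QUERY.search(line)
        if m:
            yield m.groupdict()

def top_clients(lines, n=3):
    """The n clients that issued the most queries, as (address, count) pairs."""
    return Counter(q["client"] for q in parse_queries(lines)).most_common(n)

def queries_for_zones(lines, zones):
    """Per-client count of queries for names at or below the given zones.

    Pass the blackholed zone names here to see which clients keep hitting them.
    """
    zones = tuple(z.lower().rstrip(".") for z in zones)
    hits = Counter()
    for q in parse_queries(lines):
        name = q["name"].lower().rstrip(".")
        if any(name == z or name.endswith("." + z) for z in zones):
            hits[q["client"]] += 1
    return hits

# Constructed sample: five query lines and one unrelated named message.
SAMPLE_QUERY_LOG = """\
Jul  3 15:01:02 turtle named[1646]: client 192.0.2.10#53211: query: www.example.org IN A + (192.0.2.1)
Jul  3 15:01:02 turtle named[1646]: client 192.0.2.10#53212: query: ads.example.net IN A + (192.0.2.1)
Jul  3 15:01:03 turtle named[1646]: client 192.0.2.11#40001: query: cdn.ads.example.net IN AAAA + (192.0.2.1)
Jul  3 15:01:03 turtle named[1646]: client 192.0.2.11#40002: query: example.org IN MX +E (192.0.2.1)
Jul  3 15:01:04 turtle named[1646]: client 192.0.2.10#53213: query: ads.example.net IN A + (192.0.2.1)
Jul  3 15:01:05 turtle named[1646]: error (network unreachable) resolving 'example.org/AAAA/IN': 2001:db8::1#53
""".splitlines()

if __name__ == "__main__":
    print("busiest clients:", top_clients(SAMPLE_QUERY_LOG))
    for client, n in queries_for_zones(SAMPLE_QUERY_LOG, ["ads.example.net"]).items():
        print(f"{client} asked for blackholed names {n} times")
```

`rndc querylog` toggles logging, so running it a second time turns it off again; on a busy resolver the log grows quickly and records every client's lookups, so switch it on for the period you need and rotate the file.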