bind

named error (network unreachable) resolving

If you are seeing a lot of “network unreachable” errors like the one in the log line below,

Jul 3 14:29:33 turtle named[1646]: error (network unreachable) resolving 'magicmonster.co.uk/AAAA/IN': 2001:41d0:1:4a8c::1#53

then it may be because IPv6 is not yet supported on your network: named is trying to reach an authoritative server at an IPv6 address (the address after the colon in the log line) and the packets have nowhere to go.
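A quick check for that symptom, added here as an example and not part of the original page: it parses named's syslog lines, groups the “network unreachable” errors by the address family of the server named was trying to reach, and reports whether the failures are all IPv6. The first sample line is the one from the page; the other three are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the page's own log line followed by three made-up ones.
SAMPLE_LOG = """\
Jul 3 14:29:33 turtle named[1646]: error (network unreachable) resolving 'magicmonster.co.uk/AAAA/IN': 2001:41d0:1:4a8c::1#53
Jul 3 14:29:34 turtle named[1646]: error (network unreachable) resolving 'example.net/A/IN': 2001:db8::53#53
Jul 3 14:29:35 turtle named[1646]: error (network unreachable) resolving 'example.org/A/IN': 192.0.2.10#53
Jul 3 14:29:36 turtle named[1646]: client 192.0.2.7#51234: query: example.org IN A + (192.0.2.1)
"""

# Matches named's "error (<reason>) resolving '<name>/<type>/IN': <server>#<port>" lines.
RESOLVE_ERROR_RE = re.compile(
    r"named\[\d+\]: error \((?P<reason>[^)]+)\) resolving "
    r"'(?P<qname>[^/]+)/(?P<qtype>[A-Z0-9]+)/IN': (?P<server>\S+)#(?P<port>\d+)"
)


def parse_resolver_errors(log_text):
    """Return one dict per 'error (...) resolving' line; other lines are ignored."""
    events = []
    for line in log_text.splitlines():
        m = RESOLVE_ERROR_RE.search(line)
        if not m:
            continue
        server = ipaddress.ip_address(m.group("server"))
        events.append({
            "reason": m.group("reason"),
            "qname": m.group("qname"),
            "qtype": m.group("qtype"),
            "server": str(server),
            "family": f"IPv{server.version}",   # IPv4 or IPv6 of the server named tried
        })
    return events


def unreachable_by_family(log_text):
    """Count 'network unreachable' errors by the address family of the target server."""
    counts = Counter()
    for ev in parse_resolver_errors(log_text):
        if ev["reason"] == "network unreachable":
            counts[ev["family"]] += 1
    return dict(counts)


def ipv6_only_problem(log_text):
    """True when every 'network unreachable' error targets an IPv6 server, which is
    the pattern that points at missing IPv6 connectivity rather than a general outage."""
    counts = unreachable_by_family(log_text)
    return counts.get("IPv6", 0) > 0 and counts.get("IPv4", 0) == 0


if __name__ == "__main__":
    print(unreachable_by_family(SAMPLE_LOG))
    print("IPv6-only problem:", ipv6_only_problem(SAMPLE_LOG))
```

If the IPv4 count is not zero, the -4 switch described next will not make the errors go away; look at general connectivity or firewall rules first.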

To disable IPv6 (and rely on IPv4) on Ubuntu, edit the file /etc/default/bind9 and add the -4 switch to OPTIONS.

My config file now looks like:

# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-4 -u bind"

You can block certain domains by having your DNS server answer with a sinkhole address (here 127.0.0.1) instead of the real one. This is useful for unwanted domains such as ad servers.

Below is the contents of /etc/bind/blackhole.zone:

$TTL 1W
@       IN SOA  blackhole. blackhole. (
                1       ; serial
                2D      ; refresh
                4H      ; retry
                6W      ; expiry
                1W )    ; minimum
        IN NS   blackhole.
        IN A    127.0.0.1
*       IN A    127.0.0.1

The * is a wildcard match for any subdomain. Every domain you point at this zone file, together with all of its subdomains, will now resolve to 127.0.0.1.

I’m not sure why I needed to specify “blackhole.” twice, but it wasn’t parsing the 2D (2 day) period without it.

To map a domain onto this zone file, add a zone stanza like the following to the local bind config (one stanza per domain to block):

zone "example.com" {
    type master;
    file "/etc/bind/blackhole.zone";
    notify false;
};
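Generating those stanzas for a longer block list, as an added example that is not from the original page: it normalises the names, drops any entry already covered by a parent entry's wildcard (blocking example.com already sinkholes ads.example.com), and refuses names containing characters that would break or alter the named.conf syntax. The zone file path is the page's; the block list and the helper names are assumptions.

```python
import re

ZONE_FILE = "/etc/bind/blackhole.zone"   # the zone file from the page

# One DNS label: letters, digits and hyphens, not starting or ending with a hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize(domain):
    """Lowercase, strip surrounding whitespace and a trailing dot."""
    return domain.strip().lower().rstrip(".")


def is_valid_domain(domain):
    """Reject anything that is not a plain hostname; quotes, semicolons or braces
    would otherwise end up inside named.conf and change its meaning."""
    d = normalize(domain)
    return bool(d) and all(LABEL_RE.match(label) for label in d.split("."))


def covered_by_wildcard(domain, blocked):
    """True if some other entry in `blocked` is a parent of `domain`;
    the '*' record in the zone file already catches it."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(1, len(labels)))


def minimal_block_list(domains):
    """Validated, de-duplicated list with wildcard-covered subdomains removed."""
    for d in domains:
        if not is_valid_domain(d):
            raise ValueError(f"not a valid domain name: {d!r}")
    blocked = {normalize(d) for d in domains}
    return sorted(d for d in blocked if not covered_by_wildcard(d, blocked))


def blackhole_stanzas(domains, zone_file=ZONE_FILE):
    """Text to append to /etc/bind/named.conf.local, one stanza per blocked domain."""
    stanzas = []
    for d in minimal_block_list(domains):
        stanzas.append(
            f'zone "{d}" {{\n'
            f'    type master;\n'
            f'    file "{zone_file}";\n'
            f'    notify false;\n'
            f'}};\n'
        )
    return "".join(stanzas)


if __name__ == "__main__":
    # Constructed block list (assumption), including a redundant subdomain.
    print(blackhole_stanzas(["ads.example.com", "example.com", "Tracker.NET."]))
```

Run named-checkconf after appending the output so a typo in the list is caught before bind is restarted.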

Reverse DNS converts an IP address into a host name.

First, identify the 4 octets of your IP. In this example we’ll use the IP 11.22.33.44 and host name reverse.example.com. The 4 octets are 11, 22, 33 and 44.

Create a file called /etc/bind/db.11.22.33, and add the contents below:

;
; BIND reverse file for server
;
$TTL 604800
@       IN SOA  ns.example.com. example.com. (
                2         ; Serial
                604800    ; Refresh
                86400     ; Retry
                2419200   ; Expire
                604800 )  ; Negative Cache TTL
;
@       IN NS   ns.example.com.
; last octet of the address -> the host name it maps back to
44      IN PTR  reverse.example.com.

Next, edit /etc/bind/named.conf.local. This file exists in the Ubuntu distribution. Append the following:

zone "33.22.11.in-addr.arpa" {
    type master;
    notify no;
    file "/etc/bind/db.11.22.33";
};

Restart bind so the new zone is loaded.
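The reverse-zone steps above, carried out in code as an added example (not from the original page): it derives the in-addr.arpa zone name and the db file name from the address, writes the zone file with the page's SOA timers, and produces the matching named.conf.local stanza. Host names are validated and made absolute with a trailing dot, because a PTR target without one would be silently qualified with the zone name. The SOA responsible-mailbox name hostmaster.example.com is an assumption.

```python
import ipaddress
import re

LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def reverse_zone_name(ip_str):
    """'11.22.33.44' -> ('33.22.11.in-addr.arpa', '44'): the /24 reverse zone
    is the first three octets reversed, the record name is the last octet."""
    octets = str(ipaddress.IPv4Address(ip_str)).split(".")
    return ".".join(reversed(octets[:3])) + ".in-addr.arpa", octets[3]


def zone_file_path(ip_str, base="/etc/bind"):
    """File name following the page's convention: /etc/bind/db.11.22.33"""
    octets = str(ipaddress.IPv4Address(ip_str)).split(".")
    return f"{base}/db." + ".".join(octets[:3])


def fqdn(name):
    """Validate a host name and return it absolute (with a trailing dot)."""
    bare = name.strip().lower().rstrip(".")
    if not bare or not all(LABEL_RE.match(label) for label in bare.split(".")):
        raise ValueError(f"invalid host name: {name!r}")
    return bare + "."


def reverse_zone_file(network_ip, ptr_records, ns="ns.example.com",
                      rname="hostmaster.example.com", serial=2):
    """ptr_records maps IPv4 addresses in the /24 to host names.
    Returns the zone file text using the TTLs and timers from the page."""
    zone, _ = reverse_zone_name(network_ip)
    lines = [
        ";",
        f"; BIND reverse file for {zone}",
        ";",
        "$TTL 604800",
        f"@ IN SOA {fqdn(ns)} {fqdn(rname)} (",
        f"        {serial} ; Serial",
        "        604800 ; Refresh",
        "        86400 ; Retry",
        "        2419200 ; Expire",
        "        604800 ) ; Negative Cache TTL",
        ";",
        f"@ IN NS {fqdn(ns)}",
    ]
    ordered = sorted(ptr_records.items(), key=lambda kv: ipaddress.IPv4Address(kv[0]))
    for ip, host in ordered:
        ip_zone, last_octet = reverse_zone_name(ip)
        if ip_zone != zone:                      # refuse addresses outside this /24
            raise ValueError(f"{ip} does not belong to {zone}")
        lines.append(f"{last_octet} IN PTR {fqdn(host)}")
    return "\n".join(lines) + "\n"


def named_conf_stanza(network_ip):
    """The stanza to append to /etc/bind/named.conf.local for this /24."""
    zone, _ = reverse_zone_name(network_ip)
    return (f'zone "{zone}" {{\n'
            f'    type master;\n'
            f'    notify no;\n'
            f'    file "{zone_file_path(network_ip)}";\n'
            f'}};\n')


if __name__ == "__main__":
    # The page's example address and host name.
    print(reverse_zone_file("11.22.33.0", {"11.22.33.44": "reverse.example.com"}))
    print(named_conf_stanza("11.22.33.0"))
```

Before restarting bind, named-checkzone 33.22.11.in-addr.arpa /etc/bind/db.11.22.33 will report any record the generator got wrong.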

To use a secondary name server that you don't host, you have to allow zone transfers to it. To check that a transfer works, run

dig axfr example.com @ns.primary.example.com

where example.com is your domain, and ns.primary.example.com is your primary name server.
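A parser for what that dig command prints, added here as an example and not part of the original page, so a script can tell a served transfer from a refused one and confirm the transfer was complete (a full AXFR starts and ends with the SOA record). Run the command from the secondary's address, where the transfer must succeed, and from a host that is not a secondary, where it should be refused; zone transfers should be allowed only to your secondaries. The two sample outputs are constructed.

```python
# Constructed sample of a served transfer (dig axfr example.com @ns.primary.example.com).
AXFR_ALLOWED = """\
; <<>> DiG 9.16.1-Ubuntu <<>> axfr example.com @ns.primary.example.com
;; global options: +cmd
example.com.\t\t3600\tIN\tSOA\tns.primary.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600
example.com.\t\t3600\tIN\tNS\tns.primary.example.com.
example.com.\t\t3600\tIN\tNS\tns.secondary.example.net.
www.example.com.\t3600\tIN\tA\t192.0.2.10
example.com.\t\t3600\tIN\tSOA\tns.primary.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600
;; Query time: 12 msec
;; SERVER: 192.0.2.53#53(192.0.2.53)
;; XFR size: 5 records (messages 1, bytes 200)
"""

# Constructed sample of a refused transfer.
AXFR_REFUSED = """\
; <<>> DiG 9.16.1-Ubuntu <<>> axfr example.com @ns.primary.example.com
;; global options: +cmd
; Transfer failed.
"""


def parse_axfr(output):
    """Return (name, ttl, class, type, rdata) tuples for the record lines;
    dig's ';' comment lines are skipped."""
    records = []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 4)          # rdata keeps its internal spaces
        if len(parts) < 4:
            continue
        name, ttl, rclass, rtype = parts[:4]
        rdata = parts[4] if len(parts) == 5 else ""
        records.append((name, int(ttl), rclass, rtype, rdata))
    return records


def axfr_result(output):
    """Summarise one dig axfr run: was the transfer served, how many records,
    is it complete (SOA first and last), and which serial was transferred."""
    records = parse_axfr(output)
    if not records or "Transfer failed." in output:
        return {"allowed": False, "records": 0, "complete": False, "serial": None}
    first, last = records[0], records[-1]
    complete = first[3] == "SOA" and last[3] == "SOA"
    # SOA rdata: mname rname serial refresh retry expire minimum
    serial = int(first[4].split()[2]) if first[3] == "SOA" else None
    return {"allowed": True, "records": len(records), "complete": complete, "serial": serial}


if __name__ == "__main__":
    print(axfr_result(AXFR_ALLOWED))
    print(axfr_result(AXFR_REFUSED))
```

Comparing the serial reported by the primary and by the secondary is also the quickest way to see whether the secondary has picked up your latest change.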

To log queries to syslog, run the following (it toggles query logging, so run it again to turn logging off):

rndc querylog