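Bind-DNS IPv6 resolution error: network unreachable resolving

Today I unexpectedly found that name resolution through my self-hosted DNS server was failing.

Checking the logs on the server, I found a large number of IPv6 resolution errors: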

Jan 16 14:08:45 DNS named[8855]: network unreachable resolving 'dns1.ourglb0.org/A/IN': 2001:500:e::1#53
Jan 16 14:08:45 DNS named[8855]: network unreachable resolving 'dns3.ourglb0.org/A/IN': 2001:500:e::1#53
Jan 16 14:08:45 DNS named[8855]: network unreachable resolving 'dns4.ourglb0.info/A/IN': 2001:500:1b::1#53
Jan 16 14:08:45 DNS named[8855]: network unreachable resolving 'dns1.ourglb0.org/AAAA/IN': 2001:500:e::1#53
Jan 16 14:08:45 DNS named[8855]: network unreachable resolving 'dns2.ourglb0.info/A/IN': 2001:500:1b::1#53
Jan 16 14:08:45 DNS named[8855]: network unreachable resolving 'dns4.ourglb0.info/AAAA/IN': 2001:500:1b::1#53
Jan 16 14:08:45 DNS named[8855]: network unreachable resolving 'dns3.ourglb0.org/AAAA/IN': 2001:500:e::1#53
Jan 16 14:08:45 DNS named[8855]: network unreachable resolving 'dns2.ourglb0.info/AAAA/IN': 2001:500:1b::1#53
Jan 16 14:08:45 DNS named[8855]: network unreachable resolving 'dns4.ourglb0.info/A/IN': 2001:500:49::1#53
Jan 16 14:08:45 DNS named[8855]: network unreachable resolving 'dns3.ourglb0.org/A/IN': 2001:500:40::1#53
Jan 16 14:08:45 DNS named[8855]: network unreachable resolving 'dns2.ourglb0.info/A/IN': 2001:500:49::1#53
Jan 16 14:08:45 DNS named[8855]: network unreachable resolving 'dns5.ourglb0.org/A/IN': 2001:500:e::1#53
Jan 16 14:08:45 DNS named[8855]: network unreachable resolving 'dns4.ourglb0.info/AAAA/IN': 2001:500:49::1#53
Jan 16 14:08:45 DNS named[8855]: network unreachable resolving 'dns3.ourglb0.org/AAAA/IN': 2001:500:40::1#53
Jan 16 14:08:46 DNS named[8855]: network unreachable resolving 'dns4.mwcloudcdn.info/A/IN': 2001:500:1b::1#53
Jan 16 14:08:46 DNS named[8855]: network unreachable resolving 'dns4.mwcloudcdn.info/A/IN': 2001:500:49::1#53

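This happens because the client requested IPv6 name resolution; during recursive resolution the DNS server obtained IPv6 addresses, but IPv6 is not available, hence the error.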
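
To see which upstream address family and which record types sit behind errors like the ones logged above, the lines can be tallied as follows. This is an added example, not part of the original post; the function names are hypothetical, and the sample input is constructed (three lines in the form shown above, plus one invented IPv4 line using the documentation address 192.0.2.1 for contrast).

```shell
#!/bin/sh
# Added example: tally named "network unreachable resolving" errors by
# upstream address family and query type. Function names are hypothetical.

# Constructed sample input in the syslog format shown in the post.
# The 192.0.2.1 line is invented for contrast (documentation address).
sample_log() {
cat <<'EOF'
Jan 16 14:08:45 DNS named[8855]: network unreachable resolving 'dns1.ourglb0.org/A/IN': 2001:500:e::1#53
Jan 16 14:08:45 DNS named[8855]: network unreachable resolving 'dns1.ourglb0.org/AAAA/IN': 2001:500:e::1#53
Jan 16 14:08:45 DNS named[8855]: network unreachable resolving 'dns4.ourglb0.info/A/IN': 2001:500:1b::1#53
Jan 16 14:08:46 DNS named[8855]: network unreachable resolving 'example.test/A/IN': 192.0.2.1#53
Jan 16 14:08:46 DNS named[8855]: running
EOF
}

# Reads syslog lines on stdin, prints "<family> <qtype> <count>" per group.
summarize_unreachable() {
    awk '
    /network unreachable resolving/ {
        split($NF, srv, "#")                      # last field: address#port
        fam = (index(srv[1], ":") > 0) ? "IPv6" : "IPv4"
        q = $(NF - 1)                             # quoted name/TYPE/CLASS:
        gsub("[\047:]", "", q)                    # strip quotes and colon
        split(q, parts, "/")
        count[fam " " parts[2]]++
    }
    END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

sample_log | summarize_unreachable
```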

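I disabled the IPv6 protocol on the client (Windows 10) and tested again; resolution worked normally and returned IPv4 addresses.

So it does look like the cause is the client requesting IPv6 AAAA records, but making changes on the clients is not feasible. After some searching, I found that adding the -4 option to the bind startup command makes bind serve only IPv4 query requests.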

[root@DNS bind9]# ps -ef | grep named
named     8855     1  0 13:59 ?        00:00:02 named -u named
root     12337   977  0 15:38 pts/2    00:00:00 grep --color=auto named
[root@DNS bind9]# kill 8855
[root@DNS bind9]# named -4 -u named
[root@DNS bind9]# ps -ef | grep named
named    12339     1  1 15:38 ?        00:00:00 named -4 -u named
root     12358   977  0 15:38 pts/2    00:00:00 grep --color=auto named
[root@DNS bind9]# netstat -nlput | grep name
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 172.16.220.224:53       0.0.0.0:*               LISTEN      12339/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      12339/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      12339/named
udp        0      0 192.168.122.1:53        0.0.0.0:*                           12339/named
udp        0      0 172.16.220.224:53       0.0.0.0:*                           12339/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           12339/named
[root@DNS bind9]#

With this, bind handles only IPv4 domain requests.
