BIND - disabling IPv6 lookups
Michael Powell
nightrecon at hotmail.com
Mon Aug 31 17:57:51 UTC 2015
Damien Fleuriot wrote:
> Hello list,
>
>
> I'm currently experiencing this very weird behaviour with BIND 9.8.7
> running on 10-STABLE and, obviously, installed from ports.
>
>
> I'm trying to prevent BIND from trying to resolve AAAA resource records.
>
> To this effect, I've added :
> named_flags="-4" to /etc/rc.conf, as the man page and several google
> searches suggest [1]
>
>
> After restarting BIND, I see it's come back alive with the correct startup
> flag :
> /usr/local/sbin/named -4 -u bind -c /usr/local/etc/namedb/named.con
>
>
> However, I still see queries for AAAA records :
> 13:39:26.990819 IP 10.104.10.252.54566 > 195.158[snip].53: 43577+ [1au]
> AAAA? www.tvsembox.com. (45)
>
> Is that expected behaviour ?
> And yes, 10.104.10.252 is the actual FreeBSD box, not a client host trying
> to resolve stuff.
>
>
> [1]
>
https://www.sbarjatiya.com/notes_wiki/index.php/Disabling_IPv6_lookups_in_bind
I don't know if this will help, as it's slightly apples to oranges. I use
the Bind 9.9.x version from ports so may not apply and I don't know/not sure
whether it matters, or not. But there is under the make config in the bind99
port an option: FILTER_AAAA Enable filtering of AAAA records, which seems to
be 'off' by default. Not sure this actually applies to your situation.
Also don't really know exactly what it does either. Just a $0.02 idea.
-Mike
More information about the freebsd-questions
mailing list