
Configuring BIND DNS Server to listen only on a specific IP address

This is a short, example-driven how-to on configuring BIND to listen only on certain IP addresses, which implicitly selects the network interfaces as well. IPv6 is also included in the examples. You could also say that this is how you disable IPv6 for BIND/named, but it’s implicit to the operation.

listen-on default syntax

Note the “-v6” syntax for IPv6.

IPv4

listen-on port 53 { 127.0.0.1; };

IPv6

listen-on-v6 port 53 { ::1; };

You can also combine several IP addresses

listen-on port 53 { 127.0.0.1; 192.168.0.1; };

From the man page

listen-on [ port integer ] { address_match_element; ... };
listen-on-v6 [ port integer ] { address_match_element; ... };

To listen on all interfaces and IP addresses

listen-on { any;};
listen-on-v6 { any;};
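
A check for the directives above, as an added example that is not from the original post: the shell function `listen_audit` (a hypothetical name) reads a named.conf on stdin, skips commented-out statements, and prints each active `listen-on` / `listen-on-v6` statement, marking a list that contains `any` as `WIDE`. It assumes flat address lists as shown in the post, does not follow `include` files, and reports port 53 when the statement names no port.

```shell
# Added example: audit active listen-on / listen-on-v6 statements.
# Output, one line per statement: family port addresses verdict
listen_audit() {
  awk '
    { raw = raw $0 "\n" }
    END {
      # Pass 1: copy the config without comments, so that a commented-out
      # directive is never reported as active. Quoted strings are kept.
      n = length(raw); i = 1
      while (i <= n) {
        c = substr(raw, i, 1); two = substr(raw, i, 2)
        if (c == "\"") {                       # quoted string, copy verbatim
          j = index(substr(raw, i + 1), "\""); if (j == 0) break
          text = text substr(raw, i, j + 1); i += j + 1
        } else if (two == "/*") {              # block comment
          j = index(substr(raw, i + 2), "*/"); if (j == 0) break
          text = text " "; i += j + 3
        } else if (two == "//" || c == "#") {  # line comment
          i += index(substr(raw, i), "\n"); text = text "\n"
        } else { text = text c; i++ }
      }
      # Pass 2: pull out each statement and normalise its address list.
      while (match(text, /listen-on(-v6)?[ \t\n]+[^{};]*[{][^}]*[}]/)) {
        stmt = substr(text, RSTART, RLENGTH)
        text = substr(text, RSTART + RLENGTH)
        fam = (stmt ~ /^listen-on-v6/) ? "ipv6" : "ipv4"
        port = "53"                            # assumed default port
        if (match(stmt, /port[ \t\n]+[0-9]+/)) {
          port = substr(stmt, RSTART, RLENGTH); sub(/port[ \t\n]+/, "", port)
        }
        body = stmt; sub(/^[^{]*[{]/, "", body); sub(/[}]$/, "", body)
        gsub(/[ \t\n]+/, "", body); sub(/;$/, "", body); gsub(/;/, ",", body)
        verdict = (("," body ",") ~ /,any,/) ? "WIDE" : "ok"
        print fam, port, body, verdict
      }
    }'
}

# Constructed sample, built from the directives shown in the post.
SAMPLE_CONF='options {
    listen-on port 53 { 127.0.0.1; 192.168.0.1; };
//  listen-on-v6 port 53 { ::1; };
    /* listen-on { any; }; */
    listen-on-v6 { any;};
};'
printf '%s\n' "$SAMPLE_CONF" | listen_audit
```

Run it against the live file with `listen_audit < /etc/named.conf` and compare the result with the sockets named actually holds, for example from `ss -lntup`.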

That’s all. A few short tips.

// CrashMAG

Disable IPv6 lookups with Bind on RHEL or CentOS

I discovered this during a recent project. Bind / Named was constantly spamming the logs about being unable to reach the root servers. The logs revealed that we were talking about IPv6 addresses, which was assumed to be disabled.

The less cool part was that in “/etc/named.conf” the following was commented out.

//      listen-on-v6 port 53 { ::1; };

It turns out that to disable the IPv6 lookups you have to edit “/etc/sysconfig/named” and set

OPTIONS="-4"

The option does the following:

Use IPv4 only even if the host machine is capable of IPv6. -4 and -6 are mutually exclusive.

You then run

service named restart

This serves the very practical purpose of not spamming the logs. My ISP has yet to enable IPv6 so it does me no good.

// CrashMAG