Named - Network Unreachable

[Anonymous]

Good Day. First off, thank you for a most wonderful product!!

I was looking over my syslog, and noticed named logging "network unreachable" events, mostly with IPv6 lookups. I've tried running update.sh (as my build shows Release: 2015-03-26), but this just downloads the ver file then appears to stop. Named even logs a "network unreachable" error when running the update.sh script.

Manually looking up the IP via 'host' works just fine.

Is this normal?

[Marius Gologan]

Hi,

To update run /var/www/bin/update.sh force

Most probably that hostname has an IPv6 published in DNS (in addition to IPv4), but you don't have a route to establish connection with IPv6 address(es).

Marius.

[Anonymous]

In addition, I run two on-LAN DNS servers, which are configured in Scrollout on the CONNECT page, and have the internal DNS checkbox enabled.

Some log output:

---

Jun 14 07:35:19 mailgate named[31258]: error (network unreachable) resolving 'arteobjetivo.net.dbl.spamhaus.org/A/IN': 2001:7b8:3:1f:0:2:53:1#53
Jun 14 07:35:19 mailgate named[31258]: error (network unreachable) resolving 'www.arteobjetivo.net/A/IN': 2400:cb00:2049:1::adf5:3a3d#53
Jun 14 07:35:19 mailgate named[31258]: error (network unreachable) resolving 'www.arteobjetivo.net/A/IN': 2400:cb00:2049:1::adf5:3b92#53
Jun 14 07:35:19 mailgate named[31258]: error (network unreachable) resolving 'www.arteobjetivo.net.dlv.isc.org/DLV/IN': 2001:500:60::29#53
Jun 14 07:35:19 mailgate named[31258]: error (network unreachable) resolving 'www.arteobjetivo.net.dlv.isc.org/DLV/IN': 2001:4f8:0:2::20#53
Jun 14 07:35:19 mailgate named[31258]: error (network unreachable) resolving 'www.arteobjetivo.net.dlv.isc.org/DLV/IN': 2001:500:71::29#53
Jun 14 07:35:19 mailgate named[31258]: error (network unreachable) resolving '47.122.223.63.list.dnswl.org/A/IN': 2600:3c01::21:1000#53
Jun 14 07:35:19 mailgate named[31258]: error (network unreachable) resolving '47.122.223.63.list.dnswl.org/A/IN': 2600:3c01::f03c:91ff:fe96:340b#53
Jun 14 07:35:19 mailgate named[31258]: error (network unreachable) resolving '47.122.223.63.list.dnswl.org/A/IN': 2a01:4f8:131:4e2::2#53
Jun 14 07:35:19 mailgate named[31258]: error (network unreachable) resolving '47.122.223.63.iadb.isipp.com/A/IN': 2001:470:1:41::d8da:df43#53
Jun 14 07:35:35 mailgate named[31258]: error (network unreachable) resolving 'american-financial-freedom.com.rspam-uri-domain.rbl.scrolloutf1.com/A/IN': 2a03:b0c0:3:d0::6f:d001#53
Jun 14 07:35:35 mailgate named[31258]: error (network unreachable) resolving 'american-financial-freedom.com.rspam-uri-domain.rbl.scrolloutf1.com/A/IN': 2604:a880:1:20::190:e001#53
Jun 14 07:35:35 mailgate named[31258]: error (network unreachable) resolving 'american-financial-freedom.com.rspam-uri-domain.rbl.scrolloutf1.com/A/IN': 2a03:b0c0:2:d0::3c5:4001#53
Jun 14 07:35:35 mailgate named[31258]: error (network unreachable) resolving 'american-financial-freedom.com.rspam-uri-domain.rbl.scrolloutf1.com/A/IN': 2604:a880:800:10::72f:a001#53
Jun 14 07:35:35 mailgate named[31258]: error (network unreachable) resolving 'www.american-financial-freedom.com/A/IN': 2400:cb00:2049:1::adf5:3b53#53
Jun 14 07:35:35 mailgate named[31258]: error (network unreachable) resolving 'www.american-financial-freedom.com/A/IN': 2400:cb00:2049:1::adf5:3a3c#53
Jun 14 07:35:35 mailgate named[31258]: error (network unreachable) resolving '9.11.70.208.zen.spamhaus.org/A/IN': 2001:7b8:3:1f:0:2:53:2#53
Jun 14 07:35:35 mailgate named[31258]: error (network unreachable) resolving '9.11.70.208.psbl.surriel.com/A/IN': 2002:4a5c:3b41:1:5054:ff:fe93:1f2b#53
Jun 14 07:35:35 mailgate named[31258]: error (connection refused) resolving '9.11.70.208.list.dnswl.org/A/IN': 173.255.241.134#53

[Anonymous]

Wow. Thanks for the quick reply. Running update.sh force now.

[Anonymous]

Errors persist after the upgrade. May be likely due to the fact that my router is not configured for IPv6. Is there a way to force IPv4 only, or should I not be concerned about these errors? I have a hunch this may be effecting my learning?

[Marius Gologan]

Prioritize IPv4 by commenting last "precedence" in /etc/gai.conf file:
precedence ::ffff:0:0/96 100

[Anonymous]

Thanks, Marius. I un-commented the above mentioned line (was commented out by default). Appears it's still hitting IPv6 lookups first:

---

Jun 14 08:51:13 mailgate named[15220]: error (network unreachable) resolving 'ns1.globaldns.nl/A/IN': 2a00:1188:5::212#53
Jun 14 08:51:13 mailgate named[15220]: error (network unreachable) resolving 'ns1.globaldns.nl/AAAA/IN': 2a00:1188:5::212#53
Jun 14 08:51:13 mailgate named[15220]: error (network unreachable) resolving 'ns2.globaldns.nl/A/IN': 2001:660:3005:1::1:2#53
Jun 14 08:51:13 mailgate named[15220]: error (network unreachable) resolving 'ns2.globaldns.nl/AAAA/IN': 2001:660:3005:1::1:2#53
Jun 14 08:51:13 mailgate named[15220]: error (network unreachable) resolving 'ns1.globaldns.nl/A/IN': 2001:660:3005:1::1:2#53
Jun 14 08:51:13 mailgate named[15220]: error (network unreachable) resolving 'ns1.globaldns.nl/AAAA/IN': 2001:660:3005:1::1:2#53

---

Manual lookup via host command succeeds:

---

root@mailgate:/etc/bind# host ns1.globaldns.nl
ns1.globaldns.nl has address 62.116.159.4
ns1.globaldns.nl has IPv6 address 2001:4178:3:a357:62:116:159:4
root@mailgate:/etc/bind#

---

Anything else you may suggest? Cheers and thank you very much for your help.

[Marius Gologan]

Last suggestion is to turn off IPv6 completely:
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
sysctl -w net.ipv6.conf.lo.disable_ipv6=1
sysctl -w net.ipv6.conf.eth0.disable_ipv6=1

Replace eth0 in the last sentence with your network.

[Anonymous]

Will give this a try. Much thanks!

-Bryan

[Anonymous]

Still had issues after performing the commands to disable IPv6. I then did the following:

1. Disabled ipv6 listener in named.conf.options via the dns.sh script.
2. Added inet_protocols = ipv4 in /etc/postfix/main.cfg

I seem to be getting better results:

Jun 14 10:03:17 mailgate named[30754]: success resolving '12.155.61.185.sbl.spamhaus.org/A' (in 'sbl.spamhaus.org'?) after disabling EDNS
Jun 14 10:03:17 mailgate named[30754]: success resolving '28.21.197.69.sbl.spamhaus.org/A' (in 'sbl.spamhaus.org'?) after disabling EDNS
Jun 14 10:03:17 mailgate named[30754]: success resolving '28.21.197.69.zen.spamhaus.org/A' (in 'zen.spamhaus.org'?) after disabling EDNS
Jun 14 10:03:17 mailgate named[30754]: success resolving '12.155.61.185.zen.spamhaus.org/A' (in 'zen.spamhaus.org'?) after disabling EDNS
Jun 14 10:03:17 mailgate named[30754]: error (network unreachable) resolving 'ns-a.pnap.net/AAAA/IN': 2001:503:a83e::2:30#53
Jun 14 10:03:17 mailgate named[30754]: error (network unreachable) resolving 'ns-a.pnap.net/AAAA/IN': 2001:503:231d::2:30#53
Jun 14 10:03:17 mailgate named[30754]: error (network unreachable) resolving 'ns-c.pnap.net/A/IN': 2001:503:a83e::2:30#53
Jun 14 10:03:17 mailgate named[30754]: error (network unreachable) resolving 'ns-c.pnap.net/AAAA/IN': 2001:503:a83e::2:30#53
Jun 14 10:03:17 mailgate named[30754]: error (network unreachable) resolving 'ns-d.pnap.net/A/IN': 2001:503:a83e::2:30#53
Jun 14 10:03:17 mailgate named[30754]: error (network unreachable) resolving 'ns-d.pnap.net/AAAA/IN': 2001:503:a83e::2:30#53
Jun 14 10:03:17 mailgate named[30754]: error (network unreachable) resolving 'ns-c.pnap.net/A/IN': 2001:503:231d::2:30#53
Jun 14 10:03:17 mailgate named[30754]: error (network unreachable) resolving 'ns-c.pnap.net/AAAA/IN': 2001:503:231d::2:30#53
Jun 14 10:03:17 mailgate named[30754]: error (network unreachable) resolving 'ns-d.pnap.net/A/IN': 2001:503:231d::2:30#53
Jun 14 10:03:17 mailgate named[30754]: error (network unreachable) resolving 'ns-d.pnap.net/AAAA/IN': 2001:503:231d::2:30#53
Jun 14 10:03:17 mailgate named[30754]: success resolving 'ns-c.pnap.net/AAAA' (in 'pnap.net'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jun 14 10:03:17 mailgate named[30754]: success resolving 'ns-a.pnap.net/AAAA' (in 'pnap.net'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jun 14 10:03:17 mailgate named[30754]: success resolving '11.155.61.185.zen.spamhaus.org/A' (in 'zen.spamhaus.org'?) after reducing the advertised EDNS UDP packet size to 512 octets

[Anonymous]

Jun 14 10:17:01 mailgate named[30754]: error (network unreachable) resolving 'ns4.msft.net/AAAA/IN': 2620:0:30::53#53
Jun 14 10:17:01 mailgate named[30754]: error (network unreachable) resolving 'time.windows.com/AAAA/IN': 2620:0:32::53#53
Jun 14 10:17:01 mailgate named[30754]: error (network unreachable) resolving 'time.windows.com/A/IN': 2620:0:32::53#53
Jun 14 10:17:01 mailgate named[30754]: error (network unreachable) resolving 'a4-131.akadns.org/A/IN': 2001:500:e::1#53
Jun 14 10:17:01 mailgate named[30754]: error (network unreachable) resolving 'a4-131.akadns.org/AAAA/IN': 2001:500:e::1#53
Jun 14 10:17:01 mailgate named[30754]: error (network unreachable) resolving 'a5-130.akadns.org/A/IN': 2001:500:f::1#53
Jun 14 10:17:01 mailgate named[30754]: error (network unreachable) resolving 'a5-130.akadns.org/AAAA/IN': 2001:500:f::1#53
Jun 14 10:17:01 mailgate named[30754]: error (network unreachable) resolving 'a4-131.akadns.org/A/IN': 2001:500:f::1#53
Jun 14 10:17:01 mailgate named[30754]: error (network unreachable) resolving 'a4-131.akadns.org/AAAA/IN': 2001:500:f::1#53
Jun 14 10:17:02 mailgate named[30754]: error (network unreachable) resolving 'dns2.udel.edu/A/IN': 2001:503:cc2c::2:36#53
Jun 14 10:17:02 mailgate named[30754]: error (network unreachable) resolving 'dns2.udel.edu/A/IN': 2607:f470:1001::1:a#53
Jun 14 10:17:02 mailgate named[30754]: error (network unreachable) resolving 'dns2.udel.edu/A/IN': 2607:f470:1002::2:3#53
Jun 14 10:17:02 mailgate named[30754]: error (network unreachable) resolving 'dns2.udel.edu/A/IN': 2607:f470:1003::3:c#53
Jun 14 10:17:22 mailgate postfix/postscreen[30512]: CONNECT from [188.214.134.88]:41059 to [10.34.0.15]:25
Jun 14 10:17:30 mailgate postfix/postscreen[30512]: PASS NEW [188.214.134.88]:41059
Jun 14 10:17:30 mailgate named[30754]: error (network unreachable) resolving '88.134.214.188.in-addr.arpa/PTR/IN': 2001:500:2e::1#53
Jun 14 10:17:30 mailgate named[30754]: error (network unreachable) resolving 'tinnie.arin.net/A/IN': 2001:500:31::108#53
Jun 14 10:17:30 mailgate named[30754]: error (network unreachable) resolving 'ns3.nic.fr/A/IN': 2001:660:3006:1::1:1#53
Jun 14 10:17:36 mailgate postfix/smtpd[30700]: warning: hostname hst-188-214-134-88.balticservers.eu does not resolve to address 188.214.134.88: Name or service not known

[Marius Gologan]

Please try to reboot.

[Anonymous]

Same behavior. After startup, a few ipv4 lookups succeeded, then nothing but ipv6 failures.

I noticed the ipv4 setting in main.cf is gone; a script overwriting this?

[Marius Gologan]

yes, the settings are replied. You need to add the change in /var/www/cfg/agresivity/subfolders/main.cf

[Marius Gologan]

Try to update.
I made a fix for that:
if IPv6 is not set on the machine, will disable it in Postfix.

Marius.

[Anonymous]

Hi Marius.

I was actually able to solve the issue by adding the option "-4" in /etc/default/bind9.

Lookups are now resolving correctly via IPv4.

The only issue I'm seeing is "Connection refused" on lookups to the scrolloutf1.local zone via 127.0.0.1#5353. I also get connection refused when attempting to telnet to port 5353 on the lo interface.

Is this by design as part of the internal caching/filtering, or do you think I still have an issue somewhere?

Thanks so much!

Bryan

[Marius Gologan]

in Scrollout, local port 5353 is used by rbldnsd service. A DNS server designed for RBL service only.
See why is not running:
/etc/init.d/rbldnsd restart

[Anonymous]

root@mailgate:~# /etc/init.d/rbldnsd restart
Starting rbldnsd: localhost
rbldnsd: listening on 127.0.0.1/5353
rbldnsd: unable to bind to ::1/5353: Cannot assign requested address

-Removed the :1 bind in /etc/default/rbldnsd.

Looks like I'm good to go! Thanks again, Marius!

-Bryan

[MACscr]

Do we still need to make modifications for ipv6 to fully work? Im having the same issue.