HowTo: Bind9 Disable IPv6 (couldn't Add Command Channel ::1 953: Address Not Available)
If you are running a Bind 9.x server and you have disabled IPv6 completely on your system, you may encounter some errors or warnings in your log files related to IPv6 name resolution or command channel. For example:
couldn't add command channel ::1#953: address not available
network unreachable resolving '3.rhel.pool.ntp.org/A/IN': 2001:500:a8::e#53
These messages indicate that Bind is still trying to use IPv6 for some operations, even though it is not available on your system. To disable IPv6 for Bind, you need to do two things:
Add the -4 option to the Bind startup script to force it to use only IPv4.
Filter out AAAA records on your name server to prevent it from returning IPv6 addresses to clients.
In this article, we will show you how to do these steps on a Red Hat Enterprise Linux 7.x system. The steps may vary slightly depending on your Linux distribution and Bind version.
Step 1: Add the -4 option to the Bind startup script
The -4 option tells Bind to use only IPv4 sockets for listening and outgoing queries. To add this option, you need to edit the /etc/sysconfig/named file and insert the following line:
OPTIONS="-4"
This will override any other options that may be specified in the /etc/named.conf file. If you have other options that you want to pass to Bind, you can append them after the -4 option.
Step 2: Filter out AAAA records on your name server
The AAAA records are the DNS records that contain IPv6 addresses. If your name server returns these records to clients that do not support IPv6, they may fail to connect or experience delays. To filter out these records, you need to do two things:
Make sure that your Bind is compiled with the --enable-filter-aaaa option. This is a special build-time option that enables the filtering feature. You can check if your Bind has this option by running the following command:
named -V | grep filter-aaaa
If you see --enable-filter-aaaa in the output, then your Bind has this option. If not, you may need to install a different version of Bind or compile it from source with this option.
Add an options statement in your /etc/named.conf file to enable the filtering feature. You can use one of the following statements depending on your needs:
filter-aaaa-on-v4 yes; // This will filter out AAAA records on IPv4 queries
filter-aaaa-on-v6 yes; // This will filter out AAAA records on IPv6 queries
filter-aaaa { acl; }; // This will filter out AAAA records for clients that match the acl
The first two statements are global and apply to all queries. The third statement allows you to specify an access control list (acl) that defines which clients should be filtered. For example, you can use this statement to filter out AAAA records only for local clients:
filter-aaaa { localhost; localnets; };
You can also use negative logic to exclude some clients from filtering. For example, you can use this statement to filter out AAAA records for all clients except those in a specific subnet:
filter-aaaa { !10.0.0.0/24; any; };
You can define multiple acls and combine them with logical operators (&&, ||, !) as needed.
Step 3: Restart the Bind service
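A post-restart check for the steps above, as an added example that is not part of the original article: it verifies that the last active OPTIONS line carries -4, that filter-aaaa-on-v4 is active, and counts the two IPv6 log symptoms quoted at the top. The function names, temporary paths and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for the steps above. Files are passed as
# arguments, so the checks can be run against copies of the real ones.

# Succeeds if the last uncommented OPTIONS= line in FILE passes -4 to named.
has_ipv4_only() {
    opts=$(sed -n 's/^[[:space:]]*OPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'")
    case " $opts " in
        *" -4 "*) return 0 ;;
    esac
    return 1
}

# Succeeds if CONF has "filter-aaaa-on-v4 yes;" at the start of a line,
# i.e. not behind // or #. Block comments (/* */) are not handled.
filter_aaaa_on_v4() {
    grep -Eq '^[[:space:]]*filter-aaaa-on-v4[[:space:]]+yes[[:space:]]*;' "$1"
}

# Prints how many lines of LOG show named still touching IPv6: the ::1
# command channel failure, or an upstream query sent to an IPv6 address.
# grep exits 1 on zero matches; only a real error (exit 2) is propagated.
count_ipv6_noise() {
    grep -Ec "add command channel ::1#953|network unreachable resolving '[^']+': [0-9A-Fa-f]*:[0-9A-Fa-f:]+#53" "$1" || [ $? -eq 1 ]
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT

# Constructed /etc/sysconfig/named: an old commented line, then the live one.
printf '%s\n' '#OPTIONS="-6"' 'OPTIONS="-4 -u named"' > "$demo/sysconfig"
# Constructed named.conf fragment with the filter left commented out.
printf '%s\n' 'options {' '    // filter-aaaa-on-v4 yes;' '};' > "$demo/named.conf"
# Constructed log: the two IPv6 symptoms plus one IPv4-only line.
cat > "$demo/named.log" <<'EOF'
named[811]: couldn't add command channel ::1#953: address not available
named[811]: network unreachable resolving '3.rhel.pool.ntp.org/A/IN': 2001:500:a8::e#53
named[811]: network unreachable resolving 'example.com/A/IN': 192.0.2.53#53
EOF

has_ipv4_only "$demo/sysconfig" && echo "OPTIONS carries -4"
filter_aaaa_on_v4 "$demo/named.conf" || echo "filter-aaaa-on-v4 is not active"
echo "IPv6-related log lines: $(count_ipv6_noise "$demo/named.log")"
```

Run the log check only against entries written after the restart, since older lines will still show the IPv6 messages.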