
Re: bind9 and dns forward



On 1 June 2023, Bonno Bloksma wrote:

> linbobo:~# ss -nap | grep named
> tcp LISTEN 0 10 [2a02:a45f:96c2:1:1e69:7aff:fe0c:65e3]:53 [::]:*
> users:(("named",pid=554,fd=78))
> tcp LISTEN 0 10 [fe80::1e69:7aff:fe0c:65e3]%eno1:53 [::]:*
> users:(("named",pid=554,fd=71))
> tcp LISTEN 0 10 [fe80::33bc:2b:d928:991d]%tun0:53 [::]:*
> users:(("named",pid=554,fd=94))

You should not use fe80:: addresses on eno1, as you have an IPv6 2a02 on
this interface. But you don't have real IPv6 on tun0. fe80:: is only
assigned when there is no address assigned for an interface. Usually fe80::
addresses are local only and not routed. And BIND uses IPv6 first. So I
suspect that your VPN blocks IPv6 from your tun0 fe80::. Check your VPN
configuration to set up a real IPv6 address.

Meanwhile, change /etc/bind/named.conf.options to select only your good IPs:

    listen-on port 53 {
        127.0.0.1;
        172.16.17.1;
        172.16.1.138;
    };
    listen-on-v6 port 53 {
        ::1;
        2a02:a45f:96c2:1:1e69:7aff:fe0c:65e3;
        # add here real ipv6 from vpn when setup
    };
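
A check that could be run after reloading BIND to confirm that named is bound only to the addresses listed above. This is an added example, not part of the original message; the `audit` function, the `ALLOWED` constant and the sample lines are constructed for illustration, using the addresses shown in the thread.

```python
import ipaddress
import re

# Addresses permitted by the listen-on / listen-on-v6 fragment in the message.
ALLOWED = {"127.0.0.1", "172.16.17.1", "172.16.1.138",
           "::1", "2a02:a45f:96c2:1:1e69:7aff:fe0c:65e3"}

# Constructed sample of `ss -nap` lines (one socket per line), modelled on the
# quoted output; the 127.0.0.1 and sshd lines are invented for the example.
SAMPLE = """\
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:* users:(("named",pid=554,fd=30))
tcp LISTEN 0 10 [2a02:a45f:96c2:1:1e69:7aff:fe0c:65e3]:53 [::]:* users:(("named",pid=554,fd=78))
tcp LISTEN 0 10 [fe80::1e69:7aff:fe0c:65e3]%eno1:53 [::]:* users:(("named",pid=554,fd=71))
tcp LISTEN 0 10 [fe80::33bc:2b:d928:991d]%tun0:53 [::]:* users:(("named",pid=554,fd=94))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=700,fd=3))
"""

# Local endpoint: optional [brackets], optional %zone (interface), then :port.
LOCAL_RE = re.compile(
    r"^\[?(?P<addr>[0-9a-fA-F:.]+)\]?(?:%(?P<zone>[^:]+))?:(?P<port>\d+)$")


def audit(ss_output, process="named", allowed=ALLOWED):
    """Return (address, zone, reason) for each socket of `process` bound
    outside the allow-list. TCP shows as LISTEN, UDP as UNCONN in ss."""
    allowed_ips = {ipaddress.ip_address(a) for a in allowed}
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if (len(fields) < 6 or fields[1] not in ("LISTEN", "UNCONN")
                or f'"{process}"' not in line):
            continue
        m = LOCAL_RE.match(fields[4])
        if not m:  # e.g. "*:53"; report rather than silently skip
            findings.append((fields[4], None, "unparsed"))
            continue
        ip = ipaddress.ip_address(m["addr"])
        if ip in allowed_ips:
            continue
        reason = ("wildcard" if ip.is_unspecified else
                  "link-local" if ip.is_link_local else "not in allow-list")
        findings.append((str(ip), m["zone"], reason))
    return findings


if __name__ == "__main__":
    for addr, zone, reason in audit(SAMPLE):
        print(f"{addr} ({zone or '-'}): {reason}")
```

On a live host, feed it the real socket list instead of `SAMPLE`; an empty result means named is listening only where the configuration says it should.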

