Configure BIND 9 For IPv4 (or IPv6) Only

By | 2009/03/21

I’m running a slave DNS server on the machine that runs this website.  It is one of three DNS servers (one master, two slaves) that I have running for my multiple domains.  I recently noticed from my Logwatch output that it was having issues with IPv6 lookups and these were causing timeouts and putting extra notices in my log files.  I decided the best route would be to just turn off IPv6 in BIND altogether.

Configuring named

The named man page (man named) lists two options for supporting IPv4 or IPv6.  Each of these commands are mutually exclusive, meaning using one of the options will not allow you to use the other.  Either IPv4 or iPv6, not both.  Now the default is to use both, so if you want to continue supporting lookups on IPv4 and IPv6 there is nothing more you need to do.  If you want to *only* use one or the other you can use the -4 or -6 options in the configuration.

IPv4 only (/etc/default/bind9):

# run resolvconf?
# startup options for the server
OPTIONS="-4 -u bind"

IPv6 only (/etc/default/bind9):

# run resolvconf?
# startup options for the server
OPTIONS="-6 -u bind"

Once you have updated this file and defined the option you want, you’ll simply need to restart the BIND service and it’ll start listening on or or the other but, again, not both.

sudo /etc/init.d/bind9 restart

My BIND installation is now listening on only IPv4 and I have yet to see the same slowdown or amount of log output that I used to.  I guess, when we start using IPv6 one of these days I’ll need to change it, but I don’t have a lot of faith in that happening anytime soon.

2 thoughts on “Configure BIND 9 For IPv4 (or IPv6) Only

  1. Derek Morr

    What sort of IPv6 errors were you seeing in your logs? Do you mean that your resolver was trying to send queries over IPv6? Unless your box has a publicy routable IPv6 address, it shouldn’t do that. This is a common bug in some older Linux distros, that’s been fixed in recent versions of glibc.

  2. TomW

    Mercy! I've been combing for this bit of information all day. Apparently the options variable in the init.d script dont really get used, there where I dropped the "-4" at first. After undoing that change, and dropping the "-4" argument into the default/bind9 file, all that ipv6 nonsense is gone.


Comments are closed.