
Re: bind9 and ipv6



Kevin Coyner said:
>
> named[2387]: IPv6 structures in kernel and user space do not match
> named[2387]: IPv6 support is disabled
> named[2387]: no IPv6 interfaces found
>
> I have the IPv6 module compiled in my kernel, and I'm using 2.2.20.
>
> Are these startup references to IPv6 simply safe to ignore?

if you don't need BIND to listen on any IPv6 interfaces, or if you're
not using IPv6 at all then yes it should be safe to ignore, it's
just telling you it can't find all the things it needs to support
IPv6 so it won't use it, no harm done.


>
> One more question:  I've set this up as a caching server.  However, can I
> add a master zone for the machines in my LAN, even though I don't have a
> FQDN?  I read the following article ...

you can do anything you want, nobody else in the world will know
unless they go out of their way to query your name server. if you
took say debian.org as your domain at home, that won't affect the
'real' debian.org since the "internet" has this domain "registered"
to a few specific nameservers and other domain name servers know to
query those registered servers to receive data for that domain.

for a while on my network I had a domain named 'aphro'. Just plain
old aphro, no aphro.com no aphro.org just aphro. my gateway was
gateway.aphro, my desktop was aphro.aphro. about a year ago I decided
to duplicate aphroland.org (my main domain) on my internal network, so
I actually have 2 copies of this domain (if I add a new host I have
to add it in 2 files and restart 2 copies of bind). So my internal
domain names work fine internally but do not resolve externally.

For a bit more security, if you're planning on running BIND on your
gateway/firewall machine I would recommend you firewall it as well
as have it only listen on your internal interface(s). There's no real
reason to provide the world access to your nameserver if you're not
serving authoritative data to anyone.  I am not sure how this is
done in BIND v9, I have only used BIND v8. Also I recommend of course
running BIND as a non-root uid/gid and in chroot(). This may require
some additional setup especially for the chroot().

nate
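
The setup recommended in the reply above, written as a BIND 9 named.conf fragment. This is an added example, not part of the original message; the addresses, the zone name "lan.example", the directory and the zone file name are constructed placeholders.

```conf
// Constructed example: 192.168.1.0/24, 192.168.1.1 and "lan.example"
// are placeholder values for the internal network, the gateway's
// internal address and the private zone name.

acl "lan" { 192.168.1.0/24; };

options {
    directory "/var/cache/bind";   // assumed working directory

    // Open sockets only on loopback and the internal interface,
    // so nothing answers on the external address.
    listen-on    { 127.0.0.1; 192.168.1.1; };
    listen-on-v6 { none; };

    // Caching resolver for local clients only.
    recursion yes;
    allow-query     { localhost; "lan"; };
    allow-recursion { localhost; "lan"; };

    // No zone transfers unless a zone explicitly permits them.
    allow-transfer  { none; };
};

// Private master zone for LAN hosts; it resolves only for clients
// that query this server.
zone "lan.example" {
    type master;
    file "db.lan.example";         // hypothetical zone file name
};
```

For the non-root and chroot part, named takes `-u <user>` and `-t <directory>` on its command line; the user and chroot directory are site-specific, and the paths in named.conf are then resolved inside the chroot.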




