From owner-freebsd-questions@freebsd.org Mon Aug 31 17:57:51 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 784139C74CA for ; Mon, 31 Aug 2015 17:57:51 +0000 (UTC) (envelope-from freebsd-questions@m.gmane.org) Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 35C341E6D for ; Mon, 31 Aug 2015 17:57:51 +0000 (UTC) (envelope-from freebsd-questions@m.gmane.org) Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1ZWTKv-0006y0-G7 for freebsd-questions@freebsd.org; Mon, 31 Aug 2015 19:57:41 +0200 Received: from pool-72-66-1-32.washdc.fios.verizon.net ([72.66.1.32]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 31 Aug 2015 19:57:41 +0200 Received: from nightrecon by pool-72-66-1-32.washdc.fios.verizon.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 31 Aug 2015 19:57:41 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-questions@freebsd.org From: Michael Powell Subject: Re: BIND - disabling IPv6 lookups Date: Mon, 31 Aug 2015 13:57:28 -0400 Lines: 45 Message-ID: References: Reply-To: nightrecon@hotmail.com Mime-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7Bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: pool-72-66-1-32.washdc.fios.verizon.net X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Aug 2015 17:57:51 -0000 Damien Fleuriot wrote: > Hello list, > > > I'm currently experiencing this very weird behaviour with BIND 9.8.7 > running on 10-STABLE and, obviously, installed from ports. > > > I'm trying to prevent BIND from trying to resolve AAAA resource records. > > To this effect, I've added : > named_flags="-4" to /etc/rc.conf, as the man page and several google > searches suggest [1] > > > After restarting BIND, I see it's come back alive with the correct startup > flag : > /usr/local/sbin/named -4 -u bind -c /usr/local/etc/namedb/named.con > > > However, I still see queries for AAAA records : > 13:39:26.990819 IP 10.104.10.252.54566 > 195.158[snip].53: 43577+ [1au] > AAAA? www.tvsembox.com. (45) > > Is that expected behaviour ? > And yes, 10.104.10.252 is the actual FreeBSD box, not a client host trying > to resolve stuff. > > > [1] > https://www.sbarjatiya.com/notes_wiki/index.php/Disabling_IPv6_lookups_in_bind I don't know if this will help, as it's slightly apples to oranges. I use the Bind 9.9.x version from ports so may not apply and I don't know/not sure whether it matters, or not. But there is under the make config in the bind99 port an option: FILTER_AAAA Enable filtering of AAAA records, which seems to be 'off' by default. Not sure this actually applies to your situation. Also don't really know exactly what it does either. Just a $0.02 idea. -Mike