{"id":502,"date":"2013-06-09T15:55:19","date_gmt":"2013-06-09T18:55:19","guid":{"rendered":"http:\/\/blog.abratel.com.br\/?p=502"},"modified":"2013-06-27T22:49:58","modified_gmt":"2013-06-28T01:49:58","slug":"desabilitar-suporte-ipv6-named-bind","status":"publish","type":"post","link":"https:\/\/blog.abratel.com.br\/?p=502","title":{"rendered":"Installing bind\/named and disabling IPv6 support"},"content":{"rendered":"<p><strong>Install bind using yum:<\/strong><\/p>\n<p><strong>yum install bind caching-nameserver<\/strong><\/p>\n<p>chkconfig named on<br \/>\nservice named restart<\/p>\n<p>Use your favorite text editor and edit the file \/etc\/named.caching-nameserver.conf<br \/>\nAfter the line: memstatistics-file &quot;\/var\/named.conf&quot;;  add the following:<\/p>\n<p>        forwarders { 8.8.8.8; 8.8.4.4; }; \/\/Watch the semicolons, because if you get them wrong, named will not start<\/p>\n<p>Note that I used Google's DNS, but you can add more DNS servers using the notation DNS SERVER followed by ;<\/p>\n<p><strong>After that, you must change your \/etc\/resolv.conf as follows:<\/strong><\/p>\n<p>nameserver 127.0.0.1<\/p>\n<p>Note that resolv.conf points solely and exclusively to localhost, because this is where we will run all queries and keep them cached.<\/p>\n<p>PS: If you use a client to obtain the machine's IP via DHCP, for example dhcp-client, remember to disable the option that overwrites resolv.conf (USEDNS=NO);<\/p>\n<p><strong>After that, let's restart the DNS cache:<\/strong><\/p>\n<p>service named restart<br \/>\nrndc flush<br \/>\nrndc reload<\/p>\n<p>Afterwards, restart your Asterisk and run DNS lookup tests (using dig, nslookup or any other tool)<\/p>\n<p><strong>Disabling IPv6<\/strong><br \/>\nAfter receiving dozens of messages in the messages log, I decided to look for the cause and found that it was IPv6 support enabled in 
named\/bind9\/bind<br \/>\n\/var\/log\/messages <\/p>\n<p>Jun  9 15:08:58 localhost named[28737]: error (network unreachable) resolving &#8216;C.ROOT-SERVERS.NET\/AAAA\/IN&#8217;: 199.7.83.42#53<br \/>\nJun  9 15:08:58 localhost named[28737]: error (network unreachable) resolving &#8216;C.ROOT-SERVERS.NET\/AAAA\/IN&#8217;: 192.203.230.10#53<br \/>\nJun  9 15:08:58 localhost named[28737]: error (network unreachable) resolving &#8216;D.ROOT-SERVERS.NET\/AAAA\/IN&#8217;: 192.36.148.17#53<br \/>\nJun  9 15:08:58 localhost named[28737]: error (network unreachable) resolving &#8216;E.ROOT-SERVERS.NET\/AAAA\/IN&#8217;: 192.36.148.17#53<br \/>\nJun  9 15:08:58 localhost named[28737]: error (network unreachable) resolving &#8216;D.ROOT-SERVERS.NET\/AAAA\/IN&#8217;: 128.8.10.90#53<br \/>\nJun  9 15:08:58 localhost named[28737]: error (network unreachable) resolving &#8216;E.ROOT-SERVERS.NET\/AAAA\/IN&#8217;: 128.8.10.90#53<br \/>\nJun  9 15:08:58 localhost named[28737]: error (network unreachable) resolving &#8216;G.ROOT-SERVERS.NET\/AAAA\/IN&#8217;: 128.8.10.90#53<br \/>\nJun  9 15:08:58 localhost named[28737]: error (network unreachable) resolving &#8216;I.ROOT-SERVERS.NET\/AAAA\/IN&#8217;: 128.8.10.90#53<br \/>\nJun  9 15:08:58 localhost named[28737]: error (network unreachable) resolving &#8216;G.ROOT-SERVERS.NET\/AAAA\/IN&#8217;: 192.112.36.4#53<br \/>\nJun  9 15:08:58 localhost named[28737]: error (network unreachable) resolving &#8216;I.ROOT-SERVERS.NET\/AAAA\/IN&#8217;: 192.112.36.4#53<br \/>\nJun  9 15:08:58 localhost named[28737]: error (network unreachable) resolving &#8216;B.ROOT-SERVERS.NET\/AAAA\/IN&#8217;: 192.203.230.10#53<br \/>\nJun  9 15:08:58 localhost named[28737]: error (network unreachable) resolving &#8216;L.ROOT-SERVERS.NET\/AAAA\/IN&#8217;: 128.8.10.90#53<br \/>\nJun  9 15:08:58 localhost named[28737]: error (network unreachable) resolving &#8216;B.ROOT-SERVERS.NET\/AAAA\/IN&#8217;: 2001:500:1::803f:235#53<br \/>\nJun  9 15:08:58 localhost 
named[28737]: error (network unreachable) resolving &#8216;L.ROOT-SERVERS.NET\/AAAA\/IN&#8217;: 192.112.36.4#53<br \/>\nJun  9 15:08:58 localhost named[28737]: error (network unreachable) resolving &#8216;B.ROOT-SERVERS.NET\/AAAA\/IN&#8217;: 2001:500:2f::f#53<\/p>\n<p>My named version:<\/p>\n<p>named -v<br \/>\nBIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6<\/p>\n<p><strong>Several sites documented writing the following option in \/etc\/sysconfig\/named:<\/strong><br \/>\nOPTIONS=&quot;-4&quot;<br \/>\nHowever, named always failed to start when restarted<\/p>\n<p>Digging deeper, I found this document, which said:<\/p>\n<p>http:\/\/www.tldp.org\/HOWTO\/Linux+IPv6-HOWTO\/hints-daemons-bind.html<\/p>\n<p><strong>22.1.1.2. Disable BIND named for listening on IPv6 address<\/strong><br \/>\nTo disable IPv6 for listening, following options are requested to change<br \/>\noptions {<br \/>\n        # sure other options here, too<br \/>\n        listen-on-v6 { none; };<br \/>\n};<\/p>\n<p>After that, the messages apparently decreased but did not stop.<\/p>\n<p>In the end I decided to comment out that line and go back to the option:<br \/>\n<strong>Comment out the line below in \/etc\/named.conf<\/strong><\/p>\n<p>\/\/      listen-on-v6 port 53 { ::1; };<\/p>\n<p>And at the end of the file \/etc\/sysconfig\/named, add the line:<br \/>\nOPTIONS=&quot;-4&quot;<br \/>\n(check that the quotes were entered correctly, because copying and pasting sometimes causes problems; if bind does not start, type the quotes manually instead of using CTRL C CTRL V)<\/p>\n<p><strong>DISABLE THE SECURITY OPTION BELOW:<\/strong><\/p>\n<p>Finally I restarted the service and it worked.<\/p>\n<p><strong>DISABLE in named.conf:<\/strong><\/p>\n<p>       dnssec-enable no;<br \/>\n        dnssec-validation no;<\/p>\n<p>\/etc\/init.d\/named restart<br \/>\nParando o named:                                           [  OK  ]<br \/>\nIniciando o named:                            
             [  OK  ]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Install bind using yum: yum install bind caching-nameserver chkconfig named on service named restart Use your favorite text editor and edit the file \/etc\/named.caching-nameserver.conf After the line: memstatistics-file &quot;\/var\/named.conf&quot;; add the following: forwarders { 8.8.8.8; 8.8.4.4; }; \/\/Watch the semicolons, because if&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts\/502"}],"collection":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=502"}],"version-history":[{"count":0,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts\/502\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=502"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=502"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=502"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}