请教，Bind关于纯 IPv6环境的 DNS Server

seacloudy007

不知为什么在纯IPv6环境下无法解析域名，但在同时有v4地址时是可以正常解析v6的域名，可以ping通v6的域名
配置如下  vi /data/bind/etc/named.conf
ptions {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";
         listen-on-v6 port 53 {
                any;
        };
}; zone "localhost" {
         type master;
         file "local.zone";
};
zone  "example.jp" {
         type master;
         file "example.zone";
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
ip6.int" {
         type master;
         file "localv6.rev";
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
ip6.arpa" {
type master;
         file "localv6.rev";
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.2.ip6.arpa." {
    type master;
    file "2002::.rev";
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.2.ip6.int." {
    type master;
    file "2002::.rev";
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.5.0.0.2.ip6.arpa." {
    type master;
    file "2005::.rev";
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.5.0.0.2.ip6.int." {
    type master;
    file "2005::.rev";
};


zone文件略

日志
[root@fcm-pxxy2 ~]# /data/bind/sbin/named -gc /data/bind/etc/named.conf
27-Jul-2009 16:33:29.166 starting BIND 9.6.1 -gc /data/bind/etc/named.conf
27-Jul-2009 16:33:29.167 built with '--prefix=/data/bind' '--enable-threads' '--enable-ipv6' '--disable-openssl-version-check'
27-Jul-2009 16:33:29.167 adjusted limit on open files from 1024 to 1048576
27-Jul-2009 16:33:29.167 found 8 CPUs, using 8 worker threads
27-Jul-2009 16:33:29.167 using up to 4096 sockets
27-Jul-2009 16:33:29.171 loading configuration from '/data/bind/etc/named.conf'
27-Jul-2009 16:33:29.172 using default UDP/IPv4 port range: [1024, 65535]
27-Jul-2009 16:33:29.172 using default UDP/IPv6 port range: [1024, 65535]
27-Jul-2009 16:33:29.173 listening on IPv6 interfaces, port 53
27-Jul-2009 16:33:29.176 listening on IPv4 interface lo, 127.0.0.1#53
27-Jul-2009 16:33:29.178 listening on IPv4 interface eth1, 202.*****#53
27-Jul-2009 16:33:29.183 automatic empty zone: 0.IN-ADDR.ARPA
27-Jul-2009 16:33:29.183 automatic empty zone: 127.IN-ADDR.ARPA
27-Jul-2009 16:33:29.183 automatic empty zone: 254.169.IN-ADDR.ARPA
27-Jul-2009 16:33:29.183 automatic empty zone: 2.0.192.IN-ADDR.ARPA
27-Jul-2009 16:33:29.183 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
27-Jul-2009 16:33:29.183 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
27-Jul-2009 16:33:29.184 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
27-Jul-2009 16:33:29.184 automatic empty zone: D.F.IP6.ARPA
27-Jul-2009 16:33:29.184 automatic empty zone: 8.E.F.IP6.ARPA
27-Jul-2009 16:33:29.184 automatic empty zone: 9.E.F.IP6.ARPA
27-Jul-2009 16:33:29.184 automatic empty zone: A.E.F.IP6.ARPA
27-Jul-2009 16:33:29.184 automatic empty zone: B.E.F.IP6.ARPA
27-Jul-2009 16:33:29.186 none:0: open: /data/bind/etc/rndc.key: file not found
27-Jul-2009 16:33:29.186 couldn't add command channel 127.0.0.1#953: file not found
27-Jul-2009 16:33:29.186 none:0: open: /data/bind/etc/rndc.key: file not found
27-Jul-2009 16:33:29.186 couldn't add command channel ::1#953: file not found
27-Jul-2009 16:33:29.186 ignoring config file logging statement due to -g option
27-Jul-2009 16:33:29.186 zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\010ip6.arpa/IN: loaded serial 2003121301
27-Jul-2009 16:33:29.187 zone 0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.2.ip6.arpa/IN: loaded serial 2003121301
27-Jul-2009 16:33:29.188 zone 0.0.0.0.0.0.0.0.0.0.0.0.5.0.0.2.ip6.arpa/IN: loaded serial 2003121301
27-Jul-2009 16:33:29.188 zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\010ip6.int/IN: loaded serial 2003121301
27-Jul-2009 16:33:29.189 zone 0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.2.ip6.int/IN: loaded serial 2003121301
27-Jul-2009 16:33:29.189 zone 0.0.0.0.0.0.0.0.0.0.0.0.5.0.0.2.ip6.int/IN: loaded serial 2003121301
27-Jul-2009 16:33:29.189 zone example.jp/IN: loaded serial 2008110102
27-Jul-2009 16:33:29.189 zone localhost/IN: loaded serial 2008110701
27-Jul-2009 16:33:29.190 running
27-Jul-2009 16:33:44.530 network unreachable resolving '******.202.in-addr.arpa/PTR/IN': 128.8.10.90#53
27-Jul-2009 16:33:44.530 network unreachable resolving './NS/IN': 192.33.4.12#53
27-Jul-2009 16:33:44.530 network unreachable resolving '171.170.205.202.in-addr.arpa/PTR/IN': 192.33.4.12#53
27-Jul-2009 16:33:44.530 network unreachable resolving './NS/IN': 198.41.0.4#53
27-Jul-2009 16:33:44.530 network unreachable resolving './NS/IN': 192.36.148.17#53
27-Jul-2009 16:33:44.530 network unreachable resolving './NS/IN': 193.0.14.129#53
27-Jul-2009 16:33:44.530 network unreachable resolving './NS/IN': 192.228.79.201#53
27-Jul-2009 16:33:44.945 network unreachable resolving 'NS1.APNIC.NET/A/IN': 192.112.36.4#53
27-Jul-2009 16:33:44.946 network unreachable resolving 'NS1.APNIC.NET/AAAA/IN': 192.112.36.4#53
27-Jul-2009 16:33:44.946 network unreachable resolving 'NS1.APNIC.NET/A/IN': 128.63.2.53#53
27-Jul-2009 16:33:44.946 network unreachable resolving 'NS1.APNIC.NET/AAAA/IN': 199.7.83.42#53
27-Jul-2009 16:33:44.946 network unreachable resolving 'NS3.APNIC.NET/A/IN': 202.12.27.33#53
27-Jul-2009 16:33:44.946 network unreachable resolving 'NS1.APNIC.NET/A/IN': 199.7.83.42#53
27-Jul-2009 16:33:44.946 network unreachable resolving 'NS1.APNIC.NET/AAAA/IN': 192.5.5.241#53
27-Jul-2009 16:33:44.946 network unreachable resolving 'NS4.APNIC.NET/A/IN': 192.5.5.241#53
27-Jul-2009 16:33:44.946 network unreachable resolving 'NS1.APNIC.NET/A/IN': 192.203.230.10#53
27-Jul-2009 16:33:44.946 network unreachable resolving 'NS1.APNIC.NET/AAAA/IN': 192.58.128.30#53
27-Jul-2009 16:33:44.946 network unreachable resolving 'NS3.APNIC.NET/AAAA/IN': 192.5.5.241#53
27-Jul-2009 16:33:44.947 network unreachable resolving 'NS1.APNIC.NET/A/IN': 192.58.128.30#53
27-Jul-2009 16:33:44.947 network unreachable resolving 'NS1.APNIC.NET/AAAA/IN': 192.203.230.10#53
27-Jul-2009 16:33:44.947 network unreachable resolving 'NS3.APNIC.NET/A/IN': 192.5.5.241#53
27-Jul-2009 16:33:44.947 network unreachable resolving 'NS3.APNIC.NET/AAAA/IN': 192.58.128.30#53
27-Jul-2009 16:33:44.947 network unreachable resolving 'NS3.APNIC.NET/A/IN': 192.58.128.30#53
27-Jul-2009 16:33:44.947 network unreachable resolving 'NS3.APNIC.NET/A/IN': 192.203.230.10#53
27-Jul-2009 16:33:44.947 network unreachable resolving 'NS3.APNIC.NET/A/IN': 128.63.2.53#53
27-Jul-2009 16:33:44.999 network unreachable resolving 'NS-SEC.RIPE.NET/AAAA/IN': 192.35.51.30#53
27-Jul-2009 16:33:45.002 network unreachable resolving 'TINNIE.ARIN.NET/A/IN': 192.5.6.30#53
27-Jul-2009 16:33:45.006 network unreachable resolving 'DNS1.TELSTRA.NET/AAAA/IN': 192.42.93.30#53
27-Jul-2009 16:33:45.006 network unreachable resolving 'DNS1.TELSTRA.NET/AAAA/IN': 192.26.92.30#53
27-Jul-2009 16:33:45.008 network unreachable resolving 'TINNIE.ARIN.NET/AAAA/IN': 192.41.162.30#53


奇怪的是为什么他只会用ipv4的根，如果这样的话纯v6的环境下肯定不能解析的
后来禁用ipv4的解析，但仍然去找v4的根
不知道问题出在哪了

[ 本帖最后由 seacloudy007 于 2009-7-27 17:54 编辑 ]

seacloudy007

怎么没有人碰到类似的问题吗？大家没在纯Ipv6环境下部署测试过吗？

llzqq

原帖由 seacloudy007 于 2009-7-28 10:30 发表
怎么没有人碰到类似的问题吗？大家没在纯Ipv6环境下部署测试过吗？

没接触过IPV6，我认为现在IPv6走向实用还有个过程。

seacloudy007

在配置文件中指定了找v6的根域，但好像不起作用，它仍然找v4根域

; <<>> DiG 9.6.1 <<>> -t NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43883
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518269  IN      NS      A.ROOT-SERVERS.NET.
.                       518269  IN      NS      J.ROOT-SERVERS.NET.
.                       518269  IN      NS      H.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     604669  IN      AAAA    2001:503:ba3e::2:30
F.ROOT-SERVERS.NET.     604669  IN      AAAA    2001:500:2f::f
H.ROOT-SERVERS.NET.     604669  IN      AAAA    2001:500:1::803f:235
J.ROOT-SERVERS.NET.     604669  IN      AAAA    2001:503:c27::2:30

日志
29-Jul-2009 10:27:00.442 starting BIND 9.6.1 -gc /data/bind/etc/named.conf
29-Jul-2009 10:27:00.442 built with '--prefix=/data/bind' '--enable-threads' '--enable-ipv6' '--disable-openssl-version-check'
29-Jul-2009 10:27:00.442 adjusted limit on open files from 1024 to 1048576
29-Jul-2009 10:27:00.443 found 8 CPUs, using 8 worker threads
29-Jul-2009 10:27:00.443 using up to 4096 sockets
29-Jul-2009 10:27:00.446 loading configuration from '/data/bind/etc/named.conf'
29-Jul-2009 10:27:00.447 using default UDP/IPv4 port range: [1024, 65535]
29-Jul-2009 10:27:00.447 using default UDP/IPv6 port range: [1024, 65535]
29-Jul-2009 10:27:00.449 listening on IPv6 interfaces, port 53
29-Jul-2009 10:27:00.451 listening on IPv4 interface lo, 127.0.0.1#53
29-Jul-2009 10:27:00.454 listening on IPv4 interface eth1, 202.****#53
29-Jul-2009 10:27:00.457 extra data in root hints 'named.root'
29-Jul-2009 10:27:00.459 automatic empty zone: 0.IN-ADDR.ARPA
29-Jul-2009 10:27:00.459 automatic empty zone: 127.IN-ADDR.ARPA
29-Jul-2009 10:27:00.460 automatic empty zone: 254.169.IN-ADDR.ARPA
29-Jul-2009 10:27:00.460 automatic empty zone: 2.0.192.IN-ADDR.ARPA
29-Jul-2009 10:27:00.460 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
29-Jul-2009 10:27:00.460 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
29-Jul-2009 10:27:00.460 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
29-Jul-2009 10:27:00.460 automatic empty zone: D.F.IP6.ARPA
29-Jul-2009 10:27:00.460 automatic empty zone: 8.E.F.IP6.ARPA
29-Jul-2009 10:27:00.460 automatic empty zone: 9.E.F.IP6.ARPA
29-Jul-2009 10:27:00.460 automatic empty zone: A.E.F.IP6.ARPA
29-Jul-2009 10:27:00.460 automatic empty zone: B.E.F.IP6.ARPA
29-Jul-2009 10:27:00.462 command channel listening on 127.0.0.1#953
29-Jul-2009 10:27:00.462 ignoring config file logging statement due to -g option
29-Jul-2009 10:27:00.462 zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\010ip6.arpa/IN: loaded serial 2003121301
29-Jul-2009 10:27:00.463 zone 0.0.127.in-addr.arpa/IN: NS '127.0.0.1.0.0.127.in-addr.arpa' has no address records (A or AAAA)
29-Jul-2009 10:27:00.463 zone 0.0.127.in-addr.arpa/IN: loaded serial 2
29-Jul-2009 10:27:00.464 zone 0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.2.ip6.arpa/IN: loaded serial 2003121301
29-Jul-2009 10:27:00.464 zone 0.0.0.0.0.0.0.0.0.0.0.0.5.0.0.2.ip6.arpa/IN: loaded serial 2003121301
29-Jul-2009 10:27:00.465 zone ****.edu.cn/IN: NS 'dns.***.edu.cn' has no address records (A or AAAA)
29-Jul-2009 10:27:00.465 zone ****.edu.cn/IN: loaded serial 20081120
29-Jul-2009 10:27:00.465 zone open.edu.cn/IN: loaded serial 109
29-Jul-2009 10:27:00.466 zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\010ip6.int/IN: loaded serial 2003121301
29-Jul-2009 10:27:00.466 zone 0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.2.ip6.int/IN: loaded serial 2003121301
29-Jul-2009 10:27:00.466 zone 0.0.0.0.0.0.0.0.0.0.0.0.5.0.0.2.ip6.int/IN: loaded serial 2003121301
29-Jul-2009 10:27:00.466 zone example.jp/IN: loaded serial 2008110102
29-Jul-2009 10:27:00.467 zone localhost/IN: loaded serial 2008110701
29-Jul-2009 10:27:00.468 running
29-Jul-2009 10:27:00.468 zone *****.cn/IN: sending notifies (serial 109)
29-Jul-2009 10:27:00.468 zone 0.0.127.in-addr.arpa/IN: sending notifies (serial 2)
29-Jul-2009 10:27:00.688 checkhints: unable to find root NS 'B.ROOT-SERVERS.NET' in hints
29-Jul-2009 10:27:00.688 checkhints: unable to find root NS 'C.ROOT-SERVERS.NET' in hints
29-Jul-2009 10:27:00.688 checkhints: unable to find root NS 'D.ROOT-SERVERS.NET' in hints
29-Jul-2009 10:27:00.688 checkhints: unable to find root NS 'E.ROOT-SERVERS.NET' in hints
29-Jul-2009 10:27:00.688 checkhints: unable to find root NS 'F.ROOT-SERVERS.NET' in hints
29-Jul-2009 10:27:00.688 checkhints: unable to find root NS 'G.ROOT-SERVERS.NET' in hints
29-Jul-2009 10:27:00.688 checkhints: unable to find root NS 'I.ROOT-SERVERS.NET' in hints
29-Jul-2009 10:27:00.688 checkhints: unable to find root NS 'K.ROOT-SERVERS.NET' in hints
29-Jul-2009 10:27:00.688 checkhints: unable to find root NS 'L.ROOT-SERVERS.NET' in hints
29-Jul-2009 10:27:02.594 network unreachable resolving 'C.DNS.cn/AAAA/IN': 203.119.28.1#53
29-Jul-2009 10:27:02.594 network unreachable resolving 'C.DNS.cn/AAAA/IN': 203.119.29.1#53
29-Jul-2009 10:27:02.594 network unreachable resolving 'C.DNS.cn/AAAA/IN': 203.119.25.1#53
29-Jul-2009 10:27:02.594 network unreachable resolving 'B.DNS.cn/AAAA/IN': 203.119.25.1#53
29-Jul-2009 10:27:02.595 network unreachable resolving 'C.DNS.cn/AAAA/IN': 203.119.27.1#53
29-Jul-2009 10:27:02.595 network unreachable resolving 'B.DNS.cn/AAAA/IN': 202.112.0.44#53
29-Jul-2009 10:27:02.595 network unreachable resolving 'C.DNS.cn/AAAA/IN': 202.112.0.44#53
29-Jul-2009 10:27:02.595 network unreachable resolving 'B.DNS.cn/AAAA/IN': 203.119.27.1#53
29-Jul-2009 10:27:02.595 network unreachable resolving 'C.DNS.cn/AAAA/IN': 203.119.26.1#53


难道现在bind做IPV6的dns server 必须要有v4的网络环境去查询

llzqq

也许LZ应该确认一下你的服务器是否能和那些IPV6地址的根服务器通信，即，排除一下是否是网络问题。

seacloudy007

和IPv6的根通信貌似可以
[root@fcm-pxxy2 zones]# telnet 2001:500:1::803f:235 53
Trying 2001:500:1::803f:235...
Connected to 2001:500:1::803f:235 (2001:500:1::803f:235).
Escape character is '^]'.

ping6 2001:500:1::803f:235
PING 2001:500:1::803f:235(2001:500:1::803f:235) 56 data bytes
64 bytes from 2001:500:1::803f:235: icmp_seq=0 ttl=50 time=299 ms
64 bytes from 2001:500:1::803f:235: icmp_seq=1 ttl=50 time=298 ms
64 bytes from 2001:500:1::803f:235: icmp_seq=2 ttl=50 time=297 ms


也试了其它几个根域，telnet和ping6都是通的

[ 本帖最后由 seacloudy007 于 2009-7-30 12:45 编辑 ]

abel

看起來你的 named 並未 listen v6,找一下 v6 listen named 之類的 search 結果看看

满天星

这个也是IPV6下的设置，学习一下，好像反解和上一个顶的帖子不一样