bind log file

Hi guys
Below is a log fragment from my /var/log/daemon.log file. There are two main entries that I am concerned with.

1 error (network unreachable)

2 success resolving … after reducing the advertised EDNS UDP packet

I have done several Google searches and they seem to suggest either there is a problem with my configuration of iptables or/and bind. To me they look like they are related but I have know Idea what to change. Any suggestions would be very appreciated.

May 10 13:00:30 myserver named[963]: error (network unreachable) resolving '138.157.19.67.psbl.surriel.com/A/IN': 2002:4a5c:3b41:1::65#53 May 10 13:00:30 myserver named[963]: error (network unreachable) resolving '138.157.19.67.iadb.isipp.com/A/IN': 2001:5a8:0:3::3#53 May 10 13:00:30 myserver named[963]: error (network unreachable) resolving 'ns1.webdomainserver.com/AAAA/IN': 2001:503:ba3e::2:30#53 May 10 13:00:30 myserver named[963]: error (network unreachable) resolving 'ns6.kvack.org/A/IN': 2001:500:e::1#53 May 10 13:00:31 myserver named[963]: error (network unreachable) resolving 'ns1.sosdg.org/A/IN': 2001:7fd::1#53 May 10 13:00:31 myserver named[963]: error (network unreachable) resolving 'ns6.kvack.org/AAAA/IN': 2001:503:ba3e::2:30#53 May 10 13:00:31 myserver named[963]: error (network unreachable) resolving 'ns1.sosdg.org/A/IN': 2001:dc3::35#53 May 10 13:00:31 myserver named[963]: error (network unreachable) resolving 'ns6.kvack.org/AAAA/IN': 2001:500:3::42#53 May 10 13:00:31 myserver named[963]: error (network unreachable) resolving 'ns6.kvack.org/AAAA/IN': 2001:500:1::803f:235#53 May 10 13:00:31 myserver named[963]: error (network unreachable) resolving 'ns6.kvack.org/AAAA/IN': 2001:7fd::1#53 May 10 13:00:31 myserver named[963]: error (network unreachable) resolving 'ns2.6host.com/A/IN': 2001:7fd::1#53 May 10 13:00:31 myserver named[963]: error (network unreachable) resolving 'ns2.6host.com/A/IN': 2001:503:ba3e::2:30#53 May 10 13:00:31 myserver named[963]: error (network unreachable) resolving 'ns2.6host.com/AAAA/IN': 2001:500:1::803f:235#53 May 10 13:00:31 myserver named[963]: error (network unreachable) resolving 'ns1.webdomainserver.com/AAAA/IN': 2001:500:2f::f#53 May 10 13:00:31 myserver named[963]: error (network unreachable) resolving 'ns2.6host.com/AAAA/IN': 2001:7fd::1#53 May 10 13:00:31 myserver named[963]: error (network unreachable) resolving 'ns1.sosdg.org/AAAA/IN': 2001:500:48::1#53 May 10 13:00:31 myserver named[963]: error (network unreachable) resolving 'ns1.sosdg.org/AAAA/IN': 2001:500:40::1#53 May 10 13:00:32 myserver named[963]: error (network unreachable) resolving 'ns2.webdomainserver.com/A/IN': 2001:dc3::35#53 May 10 13:00:32 myserver named[963]: error (network unreachable) resolving 'ns2.webdomainserver.com/A/IN': 2001:500:1::803f:235#53 May 10 13:00:32 myserver named[963]: error (network unreachable) resolving 'ns2.6host.com/AAAA/IN': 2001:dc3::35#53 May 10 13:00:32 myserver named[963]: error (network unreachable) resolving 'ns7.kvack.org/AAAA/IN': 2001:500:f::1#53 May 10 13:00:32 myserver named[963]: error (network unreachable) resolving 'ns7.kvack.org/AAAA/IN': 2001:500:b::1#53 May 10 13:00:32 myserver named[963]: error (network unreachable) resolving 'ns1.sosdg.org/AAAA/IN': 2001:500:f::1#53 May 10 13:00:32 myserver named[963]: error (network unreachable) resolving '138.157.19.67.iadb.isipp.com/A/IN': 2001:470:1:41:a800:ff:fe50:3143#53 May 10 13:00:32 myserver named[963]: error (network unreachable) resolving 'ns01.backupdns.com/AAAA/IN': 2001:503:a83e::2:30#53 May 10 13:00:33 myserver named[963]: error (network unreachable) resolving 'ns1.sosdg.org/A/IN': 2620:64:0:1::3#53 May 10 13:00:33 myserver named[963]: error (network unreachable) resolving 'ns1.sosdg.org/A/IN': 2620:64:0:1::6#53 May 10 13:00:33 myserver named[963]: error (network unreachable) resolving 'ns1.sosdg.org/A/IN': 2607:f0d0:1002:db::2#53 May 10 13:00:33 myserver named[963]: error (network unreachable) resolving '138.157.19.67.iadb.isipp.com/A/IN': 2600:2003::76#53 May 10 13:00:33 myserver named[963]: error (network unreachable) resolving 't2.zoneedit.com/AAAA/IN': 2001:503:a83e::2:30#53 May 10 13:00:33 myserver named[963]: success resolving 'ns2-ftsserver.webserversystems.com/AAAA' (in 'webserversystems.com'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:34 myserver named[963]: error (network unreachable) resolving '138.157.19.67.iadb.isipp.com/A/IN': 2600:2005::76#53 May 10 13:00:34 myserver named[963]: error (network unreachable) resolving '138.157.19.67.iadb.isipp.com/A/IN': 2600:2004::76#53 May 10 13:00:34 myserver named[963]: success resolving '138.157.19.67.psbl.surriel.com/A' (in 'psbl.surriel.com'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:34 myserver named[963]: error (network unreachable) resolving 's1.rpdns.net/AAAA/IN': 2001:500:3::42#53 May 10 13:00:35 myserver named[963]: success resolving 'ns1.webdomainserver.com/A' (in 'webdomainserver.com'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:35 myserver named[963]: success resolving 'ns2.webdomainserver.com/A' (in 'webdomainserver.com'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:35 myserver named[963]: success resolving 'ns1.webdomainserver.com/AAAA' (in 'webdomainserver.com'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:35 myserver named[963]: success resolving 'ns2.webdomainserver.com/AAAA' (in 'webdomainserver.com'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:35 myserver named[963]: success resolving 'ns1.webdomainserver.com/A' (in 'webdomainserver.com'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:35 myserver named[963]: success resolving 'ns2.webdomainserver.com/A' (in 'webdomainserver.com'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:35 myserver named[963]: success resolving 'ns1-ftsserver2.webserversystems.com/AAAA' (in 'webserversystems.com'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:35 myserver named[963]: success resolving 'ns2.6host.com/AAAA' (in '6host.com'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:35 myserver named[963]: success resolving 'ns2-ftsserver2.webserversystems.com/AAAA' (in 'webserversystems.com'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:35 myserver named[963]: success resolving 'ns2-ftsserver2.webserversystems.com/A' (in 'webserversystems.com'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:35 myserver named[963]: success resolving 'ns1.6host.com/AAAA' (in '6host.com'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:35 myserver named[963]: success resolving 'ns2.6host.com/A' (in '6host.com'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:36 myserver named[963]: success resolving '170.94.81.74.zen.spamhaus.org/A' (in 'zen.spamhaus.org'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:36 myserver named[963]: success resolving 'ns6.kvack.org/AAAA' (in 'kvack.org'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:36 myserver named[963]: success resolving 't1.zoneedit.com/AAAA' (in 'zoneedit.com'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:36 myserver named[963]: success resolving '174.94.81.74.zen.spamhaus.org/A' (in 'zen.spamhaus.org'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:36 myserver named[963]: success resolving 'xlns2.rpdns.net/A' (in 'rpdns.net'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:36 myserver named[963]: success resolving 'ns2-ftsserver.webserversystems.com/A' (in 'webserversystems.com'?) after disabling EDNS May 10 13:00:37 myserver named[963]: success resolving '139.157.19.67.zen.spamhaus.org/A' (in 'zen.spamhaus.org'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:37 myserver named[963]: success resolving '140.157.19.67.zen.spamhaus.org/A' (in 'zen.spamhaus.org'?) after reducing the advertised EDNS UDP packet size to 512 octets May 10 13:00:39 myserver named[963]: success resolving 'ns1-ftsserver2.webserversystems.com/A' (in 'webserversystems.com'?) after disabling EDNS May 10 13:00:39 myserver named[963]: success resolving 'ns1-ftsserver.webserversystems.com/AAAA' (in 'webserversystems.com'?) after disabling EDNS

Howdy,

Well, ignoring the logfile for just a moment… are you actually seeing any problems, or receiving any customer complaints? Does your server, and in particular, DNS, seem to be working?

It’s not uncommon to see a variety of lookup failures in the logs…

-Eric

Hi Eric
Thanks for your help. No I am not seeing any particular problems or receiving any customer complaints, and yes the server and DNS seem to be working. However I am receiving several thousand log entries, like those in my first post, per day.

When I looked up the log entry on google the responses said that IPv6 was not working to fix this you have to start the bind damon with “-4” (IPv4 only). Other responses suggested that IPTables UDP cannot handle responses longer than 512 octets with simular limiting suggestions. However before I rushed head long into changing things I thought I would ask for your sage advice.

Thanks
Allan