If you are running a Bind 9.x server, there may be times where you need to disable IPv6 name resolution through the name server. To do so, with sudo access, do the following steps.
1. Edit the /etc/sysconfig/named file, and insert the following:
OPTIONS="-4"
2. To filter AAAA records on your name server, the following conditions have to be met :
- BIND 9 must be compiled with a special build-time option (
./configure --enable-filter-aaaa), and - an options statement to enable it (for example,
filter-aaaa-on-v4 yes;and/orfilter-aaaa-on-v6 yes;) must be declared innamed.conf. - the client must not be blocked in the
filter-aaaaACL (this defaults toany, so is not generally the case)
For example : to filter AAAA records on the IPv4 protocol, edit the /etc/named.conf file to include the following statement in the 'options' section:
filter-aaaa-on-v4 yes;
Optionally, if you no longer want your name server listening to IPv6, add a comment '//' at the start of the line
listen-on-v6 port 53 { ::1; };
3. Finally, restart the Bind service using the following command.
service named restart
If there are any error messages on startup, look at the /var/log/messages file to diagnose the issue.
1) Filter AAAA option in Bind 9 (ISC Knowledgebase) - 
About the author |
|
 |
Tom Thorp is an IT Consultant living in Miami on Queensland's Gold Coast. With over 30+ years working in the IT industry, Tom's experience is a broad canvas. The IT services Tom provides to his clients, includes :
Website development and hosting
Database Administration Server Administration (Windows, Linux, Apple) PABX Hosting and Administration Helpdesk Support (end-user & technical). |
If you like any of my content, consider a donation via Crypto by clicking on one of the payment methods :
|
|
