• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Loads of messages "named[...]: network unreachable resolving '...': 2001:7fe::53#53"

tethis IT

New Pleskian
Server operating system version
Debian 11.6
Plesk version and microupdate number
Obsidian 18.0.49
Hi there,

just want to share what I found out.
Brand new server with Debian 11 / Plesk Obsidian.
Everything seems to work fine, but /var/log/syslog is quickly filled up by messages like that:
Feb 2 20:51:48 host8 named[395169]: network unreachable resolving 'damon.ns.cloudflare.com/A/IN': 2400:cb00:2049:1::a29f:30b#53
Feb 2 20:51:48 host8 named[395169]: network unreachable resolving 'damon.ns.cloudflare.com/A/IN': 2400:cb00:2049:1::a29f:837#53
Feb 2 20:51:48 host8 named[395169]: network unreachable resolving 'damon.ns.cloudflare.com/A/IN': 2400:cb00:2049:1::a29f:7e2#53
Feb 2 20:51:48 host8 named[395169]: network unreachable resolving 'damon.ns.cloudflare.com/A/IN': 2400:cb00:2049:1::a29f:937#53
Feb 2 20:51:48 host8 named[395169]: network unreachable resolving 'damon.ns.cloudflare.com/A/IN': 2400:cb00:2049:1::a29f:408#53
Feb 2 20:51:48 host8 named[395169]: network unreachable resolving 'damon.ns.cloudflare.com/A/IN': 2400:cb00:2049:1::a29f:506#53
Feb 2 20:51:48 host8 named[395169]: network unreachable resolving 'damon.ns.cloudflare.com/A/IN': 2400:cb00:2049:1::a29f:121#53
Feb 2 20:51:48 host8 named[395169]: network unreachable resolving 'damon.ns.cloudflare.com/A/IN': 2400:cb00:2049:1::a29f:21#53
Feb 2 20:51:48 host8 named[395169]: network unreachable resolving 'damon.ns.cloudflare.com/A/IN': 2400:cb00:2049:1::a29f:209#53
Feb 2 20:51:48 host8 named[395169]: network unreachable resolving 'damon.ns.cloudflare.com/A/IN': 2400:cb00:2049:1::a29f:606#53
Feb 2 20:51:48 host8 named[395169]: network unreachable resolving 'damon.ns.cloudflare.com/AAAA/IN': 2400:cb00:2049:1::a29f:606#53
Feb 2 20:51:48 host8 named[395169]: network unreachable resolving 'damon.ns.cloudflare.com/AAAA/IN': 2400:cb00:2049:1::a29f:121#53

Basically, every DNS query generates a whole bunch of those.

My server does not have an IPv6 address assigned, IPv6 is not used at all. Still, bind seems to query some nameservers via IPv6. And obviously fails.

You'll find some hints that the named service should be started with the -4 option to restrict it to IPv4. But where to add that parameter?
After some searching I found that Plesk modifies /etc/default/named or /etc/default/bind9 (i guess that depends on the Debian/Ubuntu version being used).
According to the last modification date of those files, Plesk only modify that file during installation, but doesn't touch it when Plesk is updated.

So for me the solution was to change /etc/default/named from
OPTIONS=" -t /var/named/run-root -c /etc/named.conf -u bind -n 2"
to
OPTIONS=" -4 -t /var/named/run-root -c /etc/named.conf -u bind -n 2"
No more "network unreachable resolving..." messages were logged after that.

By the way, you can configure some bind options in Plesk under Tools & Settings / DNS Settings / server-wide settings.
Initially the following settings were present:
version "none";
auth-nxdomain no;
listen-on-v6 { all; };
I modified the last line to
listen-on-v6 { none; };
But those options seem to be ignored.
I assume that any change there should end up in /etc/named.conf or /etc/named-user-options.conf
But the first file does not contain any of those options and the second file doesn't even exist.
This looks like a bug to me, but for now I don't really care.
If required, I would create /etc/named-user-options.conf and put my options there.

Hope this helps :)

Christian Toller
tethis IT
 
Thanks for this @tethis IT I had the same problem in AlmaLinux but in this Linux distribution I had to update the OPTIONS variable in /etc/sysconfig/named.

Code:
OPTIONS="-4 -c /etc/named.conf -u named -n 2"

I suspect it would be similar for RHEL/CentOS/Rocky Linux/etc.
 
Thanks for this @tethis IT I had the same problem in AlmaLinux but in this Linux distribution I had to update the OPTIONS variable in /etc/sysconfig/named.

Code:
OPTIONS="-4 -c /etc/named.conf -u named -n 2"

I suspect it would be similar for RHEL/CentOS/Rocky Linux/etc.
Thanks for this, works very well.

Any chance with Bind custom options? I raised another post where literally anywhere I attempt to add my custom options, they're never considered
 
Back
Top