Do you see “Named error network unreachable” entries in your system log files, and are you surprised that there are so many of them? Why is named not able to resolve those domain names? And first of all, why does the server have to resolve those domains without any reason? Is this a security attack? Well, these questions came to my mind when I saw “Named error network unreachable” messages constantly being added to the system log.
In this tutorial, I’ll explain how to fix this error. Before that, have a look at what I saw in /var/log/messages:
named[1113]: error (network unreachable) resolving 'ns1.apnic.net/A/IN': 2001:dc3::35#53
named[1113]: error (network unreachable) resolving 'ns2.lacnic.net/A/IN': 2001:dc3::35#53
named[1113]: error (network unreachable) resolving 'ns3.apnic.net/A/IN': 2001:dc3::35#53
named[1113]: error (network unreachable) resolving 'ns1.apnic.net/AAAA/IN': 2001:dc3::35#53
named[1113]: error (network unreachable) resolving 'a1.verisigndns.com/A/IN': 2001:500:2f::f#53
How to fix Named error network unreachable
Looking at the error message closely, named was trying to reach name servers at IPv6 addresses (the address after each name, such as 2001:dc3::35#53, is the server it queried). But the system does not have IPv6 networking configured, and that was the reason behind this error.
I quickly verified whether named was set to listen on an IPv6 address.
# vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; };
        //listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; };
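In the above snapshot, listen-on-v6 port 53 { ::1; } has been commented out, meaning bind/named is not listening on an IPv6 address. That setting only controls where named accepts queries, though; it does not stop named from sending its own outgoing queries over IPv6. Finally, I understood that the configuration was missing the below option, which tells named to use IPv4 only.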
OPTIONS="-4"
To fix this error, all you need to do is open the named file located under /etc/sysconfig/ and add the said option.
# vim /etc/sysconfig/named
Copy and paste the below line.
OPTIONS="-4"
Save the file and restart the named service.
# systemctl restart named
Confirm that the named service is running.
# systemctl status named
That’s it! Go back to the system log (/var/log/messages) and see whether those errors are still being logged.
Is this a security attack? In most cases, it’s normal and setting the above option should stop the error. But again it depends on what services are running on the system.
Note: In some Linux flavors, the configuration files of named/bind might be in a different location.
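A quick triage for the "is this an attack?" question above, as an added example that is not part of the original post: it counts the "network unreachable" errors by the address family of the server named tried to reach, and checks whether an options file already passes -4. The function names and the constructed 192.0.2.53 log line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Sample log: the five lines quoted above plus one constructed IPv4 line.
sample_log() {
cat <<'EOF'
named[1113]: error (network unreachable) resolving 'ns1.apnic.net/A/IN': 2001:dc3::35#53
named[1113]: error (network unreachable) resolving 'ns2.lacnic.net/A/IN': 2001:dc3::35#53
named[1113]: error (network unreachable) resolving 'ns3.apnic.net/A/IN': 2001:dc3::35#53
named[1113]: error (network unreachable) resolving 'ns1.apnic.net/AAAA/IN': 2001:dc3::35#53
named[1113]: error (network unreachable) resolving 'a1.verisigndns.com/A/IN': 2001:500:2f::f#53
named[1113]: error (network unreachable) resolving 'example.test/A/IN': 192.0.2.53#53
EOF
}

# Read log lines on stdin; print "ipv6=<n> ipv4=<n>" for the servers named
# could not reach. Only IPv6 hits on an IPv4-only host match the diagnosis above.
classify_unreachable() {
    awk '
        /error \(network unreachable\) resolving/ {
            addr = $NF                  # last field, e.g. 2001:dc3::35#53
            sub(/#[0-9]+$/, "", addr)   # drop the "#port" suffix
            if (addr ~ /:/) v6++; else v4++
        }
        END { printf "ipv6=%d ipv4=%d\n", v6, v4 }
    '
}

# Succeed if the given sysconfig-style file has an uncommented OPTIONS line with -4.
named_forced_ipv4() {
    grep -Eq '^[[:space:]]*OPTIONS.*["=[:space:]]-4(["[:space:]]|$)' "$1"
}

# Succeed if the host has an IPv6 default route (needs the iproute2 "ip" tool).
host_has_ipv6_default_route() {
    [ -n "$(ip -6 route show default 2>/dev/null)" ]
}

echo "sample log: $(sample_log | classify_unreachable)"
if host_has_ipv6_default_route; then
    echo "IPv6 default route present: unreachable IPv6 servers need a closer look"
else
    echo "no IPv6 default route: IPv6 'network unreachable' errors are expected without -4"
fi
```

On a real host, feed it the log with `classify_unreachable < /var/log/messages` and point `named_forced_ipv4` at /etc/sysconfig/named.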
Worked for me on Rocky Linux 8! Thanks!
This does not work on Fedora 33 server running isc-bind-named 9.16.12.
Please provide a working solution for the above issue.