CentOS 5 – BIND/named network unreachable resolving issue

Disable the IPV6 in BIND. For CentOS 5.4, edit the /etc/sysconfig/named file and add the following options into the BIND startup

OPTIONS=”-4″

This will cause the BIND server to only resolve or use IPV4 and disable IPV6 support. Save the file and restart BIND server.

via CentOS 5 – BIND/named network unreachable resolving issue | hafizonline.net blog.

This has been going on for months and I finally noticed these errors from named filling up syslog.  The above fix worked and now syslog is quiet again — the way it should be.

BIND 9.7.2 and automatic DNSSEC signing

BIND 9.7.0 introduced automatic in-server signature re-freshing and automatic key rollover. This allows BIND 9.7, if provided with the DNSSEC private key files, to sign records as they are added to the zone, or as the signatures need to be refreshed. This refresh happens periodically to spread out the load on the server and to even out zone transfer load.

via BIND 9.7.2 and automatic DNSSEC signing | Internet Systems Consortium.