I set up a new Ubuntu 20.04 server and installed BIND 9.16.1-Ubuntu. Then I copied the BIND configuration from my old Ubuntu 16.04.7 running BIND 9.10.3-P4-Ubuntu.
When I try to start BIND on the new server I get this error:
/etc/bind/named.conf.options:15: '::1/64': address/prefix length mismatch '64'
Here is my /etc/bind/named.conf.options file.
options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    auth-nxdomain no;
    dump-file "/var/cache/bind/named_dump.db";
    statistics-file "/var/cache/bind/named.stats";
    listen-on port 53 { 0.0.0.0/0; };
    listen-on-v6 port 53 { any; };
    allow-query { 0.0.0.0/0; ::/0; };
    version "DNS";
    allow-recursion {
        127.0.0.0/8; ::1/64;
        10.10.0.0/24; 1000:1000:1000:1000::/56;
    };
    allow-transfer {
        127.0.0.1; ::1;
    };
    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa";
    notify yes;
    masterfile-format text;
};
What is wrong with this prefix?
What has changed in BIND 9.16, because the same file works perfectly with BIND 9.10?
In many places in the options you can manage what devices or what networks are allowed to transact with the DNS server.
When specifying a single IP address, you need to either use a binary all-1s mask, 32 bits long for IPv4 (CIDR /32) and 128 bits long for IPv6 (CIDR /128), or omit the mask.
In case you are specifying the network, you should not over-specify it.
::1 is an IP address while the mask /64 is suggesting a network, so the mask is over-specified. If you wish to use the ::1 IP address then the mask should be /128 or omitted like in the "allow-transfer" section.
The 1000:1000:1000:1000::/56 subnet is incorrect because it is from a range reserved by IETF. Global Unicast addresses are in the 2000::/3 range, Unique Local Unicast fc00::/7, Link-scoped Unicast fe80::/10, Multicast ff00::/8. Other addresses are reserved.
If you don't use IPv6 in your network, I would recommend removing them from your configuration.
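The check described in the answer above, as an added Python example that is not part of the original question or answer: it scans a named.conf fragment for address/prefix entries whose address has bits set beyond the prefix length. The function name `find_prefix_mismatches` is hypothetical, and the sample text is constructed from the allow-recursion block in the question.

```python
import ipaddress
import re

# Constructed sample: the allow-recursion block from the question.
SAMPLE_CONF = """
allow-recursion {
    127.0.0.0/8; ::1/64;
    10.10.0.0/24; 1000:1000:1000:1000::/56;
};
"""


def find_prefix_mismatches(conf_text):
    """Return (line_no, entry, host_form, network_form) for every
    address/prefix entry whose address has bits set past the prefix."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        # named.conf separates list elements with whitespace, ';', '{' and '}'.
        for token in re.split(r"[\s;{}]+", line):
            entry = token.lstrip("!")  # '!' negates an element; the address follows
            if "/" not in entry:
                continue  # bare addresses and keywords carry no prefix to check
            try:
                iface = ipaddress.ip_interface(entry)
            except ValueError:
                continue  # quoted path or other token that is not an address
            if iface.ip != iface.network.network_address:
                # Two possible corrections with very different ACL reach:
                # a single host, or the whole enclosing network.
                host_form = f"{iface.ip}/{iface.max_prefixlen}"
                network_form = str(iface.network)
                findings.append((line_no, entry, host_form, network_form))
    return findings


if __name__ == "__main__":
    for line_no, entry, host_form, network_form in find_prefix_mismatches(SAMPLE_CONF):
        print(f"line {line_no}: '{entry}' has host bits set; "
              f"use {host_form} for one host or {network_form} for the network")
```

When correcting an ACL such as allow-recursion, the host form keeps access limited to the single address, while the network form admits every address in that prefix.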