Mixing Business with Pleasure since 1999

How to Disable ipv6 for Bind on Debian

Reading Time: < 1 minutes

For those of you that doesn’t use ipv6 yet there’s a chance it’s still enabled in your system. This isn’t really a bad thing but the log files might get some extra unnecessary cruft in them.

I found this to be true with bind, I was seeing a lot of these errors in my logs:

error (network unreachable) resolving 'elb078639-549105283.us-east-1.elb.amazonaws.com/A/IN': 2600:9000:5307:100::1#53

and found it was caused by IPv6 being enabled in bind, a quick google search will lead you to modifying start up file in /etc/defaults/bind9 with OPTIONS="-4 -u bind" but for some reason this doesn’t work. It’s because there’s a bug in debian bind systemd file which ignores these options. Actually using /etc/defaults/bind9 is deprecated for systemd, where they want us to put runtime configuration now is above me.

As a quick fix so you could replace the ExecStart line in /lib/systemd/system/bind9.service with this ExecStart=/usr/sbin/named -f -4 -u bind, but this might get overwritten by a new package release.

Here’s another workaround which was suggested in the linked thread above:
mkdir /etc/systemd/system/bind9.service.d

echo "[Service]\nExecStart=\nExecStart=/usr/sbin/named -4 -f -u bind" > /etc/systemd/system/bind9.service.d/local.conf

systemctl reenable bind9.service
This is a more permanent solution and will not get overwritten.

There’s one more file you need to modify to prevent bind from querying ipv6, edit /etc/bind/named.conf.options and comment listen-on-v6 { any; };

Now you can reload systemd daemon and restart with:
systemctl daemon-reload
systemctl restart bind9.service


  1. Matt

    Instead of modding systemd files, I found that adding the “-4” option to ‘/etc/default/bind’ works

    • jer

      Your comment is helpful, but e.g. with debian bullseye you should use /etc/default/named and add the -4 OPTIONS=”-u bind” to :
      OPTIONS=”-4 -u bind”

  2. james triplett

    (fairly vanilla Debian Jessie) Looking at /etc/default/bind, i found “-4” already in there. Using your suggestion about /etc/systemd/system, I eventually found Debian’s version of the file at:
    Putting the “-4” in there did the trick.
    Too bad it is not as easy to simply turn on ipv6 to fix the issue…

  3. tim clarke

    Having installed a raspberry pi 4 as a firewall/cum dns server etc, I discovered
    that the file: /etc/default/bind9 is indeed the simplest item to modify;
    the line OPTIONS=”-u bind”
    to OPTIONS=”-4 -u bind”

    What makes life difficult is nothing seems to stay the same between OS releases !!

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© 2023 Jon Kristian

Theme by Anders NorenUp ↑