Fixing IOException: I/O Error on name server

I recently moved quite a few domains from one server to a new one. While testing the new setup with Pingability, I encountered the following errors (repeated a few times):
Error Got an error when connecting to xyz.com/a.b.c.d with a request for xyz.com/CNAME: IOException: I/O Error on name server a.b.c.d for xyz.com.
Heads-up Could not perform the CNAME check. IOException: I/O Error on name server a.b.c.d for xyz.com.

The first suggestion I saw (nothingOS – DNS Server Problems) was to open up port 53 for both UDP and TCP (this is the port used for DNS). I did check that (iptables -L), but as expected, since this is a dedicated server (so most if not all ports are open by default), port 53 was fine.

I then remembered that BIND can be configured to listen only on localhost, and indeed, after finding the relevant file, this is the default behavior. Simply edit /etc/bind/named.conf.options and replace

	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { ::1; };
	listen-on { 127.0.0.1; };
	allow-recursion { 127.0.0.1; };

with

	auth-nxdomain no;    # conform to RFC1035
	listen-on { any; };
	listen-on-v6 { any; };
	//listen-on-v6 { ::1; };
	//listen-on { 127.0.0.1; };
	//allow-recursion { 127.0.0.1; };
	version "BIND";

NB: the version line at the end is irrelevant to the problem; I only add it to mask the version. allow-recursion is also irrelevant to this issue, I believe. I don’t remember why I commented it out; probably this was a temporary workaround for some old vulnerability that is now fixed. Note that commenting it out seems to break /etc/init.d/bind9 reload (not a big issue though, since you can just do /etc/init.d/bind9 restart instead).

Don’t forget to apply the new configuration (/etc/init.d/bind9 reload or /etc/init.d/bind9 restart).
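
An added example, not the configuration from this post: a complete options block that keeps the listen-on change above but leaves recursion restricted, so the server answers remote queries for its own zones without resolving arbitrary names for every client. The acl name trusted and the directory path are assumptions to adapt to the local setup.

```conf
// Added example for /etc/bind/named.conf.options (not the post's own file).
// Assumption: this host is authoritative for the moved zones and only
// local processes need recursive lookups.
acl "trusted" {
	127.0.0.1;
	::1;
};

options {
	directory "/var/cache/bind";   // assumed Debian-style path

	auth-nxdomain no;              # conform to RFC1035

	// Accept queries on every interface so remote checkers reach port 53.
	listen-on { any; };
	listen-on-v6 { any; };

	// Anyone may query data in zones this server is authoritative for.
	allow-query { any; };

	// Recursion and cached answers stay limited to the trusted ACL.
	allow-recursion { "trusted"; };
	allow-query-cache { "trusted"; };

	version "BIND";                // masks the real version string
};
```

Running named-checkconf on the edited file before the reload or restart reports syntax errors without taking the server down.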

Posted in Linux, servers.

