Re: ipv4-mapped reverse lookups

2013-07-09 Thread Lawrence K. Chen, P.Eng.
Well, it seems to work testing it...

But, the systems that are having trouble are still having trouble.  Though 
taking a closer look at the logs of one of the systems, the problem started in 
April 2009 (and the system was rebooted shortly after that point, and the 
problem continued...)

Since it was only brought to my attention yesterday, and the admins that were 
regularly using it after the problem started aren't here anymore... just 
another thing left for us to find later.  And, I guess I haven't used it that 
much... probably since I stopped updating bind for servers of that OS version.

Something about bind not liking openssl-0.9.7d anymore.



- Original Message -
> 
> In message <9efac3c5-c5be-43f8-b7f4-2be8ba30d...@isc.org>, Mark
> Andrews writes:
> > One could also look at the dns64 reverse code to do this. It
> > synthesises
> > cname records on the fly.
> > 
> > Mark
> > 
> 
> e.g.
> 
>   zone "f.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
>   type master;
>   database "_dns64 dns64 . .";
>   };
> 
>   One can also specify the MNAME and RNAME fields of the SOA
>   record along with the NS name by replacing the last two fields
>   of the database description.
> 
>   database "_dns64 dns64 ns.example.net. hostmaster.example.net.";
> 
>   Mark
> 
> ; <<>> DiG 9.10.0pre-alpha <<>> +norec -p  -x :::1.2.3.4
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48724
> ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;4.0.3.0.2.0.1.0.f.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.
> IN PTR
> 
> ;; ANSWER SECTION:
> 4.0.3.0.2.0.1.0.f.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.
> 600 IN CNAME 4.3.2.1.in-addr.arpa.
> 
> ;; AUTHORITY SECTION:
> . 518400  IN  NS  A.ROOT-SERVERS.NET.
> . 518400  IN  NS  B.ROOT-SERVERS.NET.
> . 518400  IN  NS  L.ROOT-SERVERS.NET.
> . 518400  IN  NS  D.ROOT-SERVERS.NET.
> . 518400  IN  NS  C.ROOT-SERVERS.NET.
> . 518400  IN  NS  K.ROOT-SERVERS.NET.
> . 518400  IN  NS  H.ROOT-SERVERS.NET.
> . 518400  IN  NS  M.ROOT-SERVERS.NET.
> . 518400  IN  NS  I.ROOT-SERVERS.NET.
> . 518400  IN  NS  E.ROOT-SERVERS.NET.
> . 518400  IN  NS  G.ROOT-SERVERS.NET.
> . 518400  IN  NS  F.ROOT-SERVERS.NET.
> . 518400  IN  NS  J.ROOT-SERVERS.NET.
> 
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#(127.0.0.1)
> ;; WHEN: Tue Jul 09 12:21:46 EST 2013
> ;; MSG SIZE  rcvd: 342
> 
> 
> > On 09/07/2013, at 8:27, Mark Andrews wrote:
> > 
> > > Getnameinfo and gethostbyaddr are supposed to lookup the
> > > in-addr.arpa records instead of ip6.arpa records for mapped
> > > addresses. If you only have a limited range of addresses one
> > > could use $generate to add cname records which map from
> > > ip6.arpa to in-addr.arpa.
> > > 
> > > Mark
> > > 
> > > On 09/07/2013, at 8:12, "Lawrence K. Chen, P.Eng." wrote:
> > > 
> > >> For reasons unknown, some old Solaris servers are suddenly
> > >> seeing connections to them as ipv4-mapped ipv6
> > >> (ie: :::10.20.30.40 )  Which is causing problems because it
> > >> needs the reverse lookup to be right.
> > >> 
> > >> So while we struggle between spending time to investigate why or
> > >> continue to try to get people to upgrade from these old
> > >> forgotten servers.
> > >> 
> > >> Is there an easy way for me to provide reverse lookups for
> > >> those?
> > >> 
> > >> --
> > >> Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems
> > >> Administrator
> > >> For: Enterprise Server Technologies (EST) -- & SafeZone Ally
> > >> Snail: Computing and Telecommunications Services (CTS)
> > >> Kansas State University, 109 East Stadium, Manhattan, KS
> > >> 66506-3102
> > >> Phone: (785) 532-4916 - Fax: (785) 532-3515 - Email:
> > >> lkc...@ksu.edu
> > >> Web: http://www-personal.ksu.edu/~lkchen - Where: 11 Hale
> > >> Library
> > >> ___
> > >> Please visit https://lists.isc.org/mailman/listinfo/bind-users
> > >> to unsubscribe from this list
> > >> 
> > >> bind-users mailing list
> > >> bind-users@lists.isc.org
> > >> https://lists.isc.org/mailman/listinfo/bind-users
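
The two approaches Mark describes in the quoted replies (static CNAME records for a limited range, and synthesis on the fly as the dns64 reverse code does) rest on the same name arithmetic. The Python sketch below is an added example, not part of the original thread and not BIND's code; the function names are made up for illustration.

```python
import ipaddress

# Zone name from the thread: the ::ffff:0:0/96 prefix as reversed nibbles.
MAPPED_ZONE = "f.f.f.f." + "0." * 20 + "ip6.arpa."

def mapped_ip6_arpa(ipv4):
    """ip6.arpa owner name for the IPv4-mapped form of an IPv4 address."""
    value = (0xFFFF << 32) | int(ipaddress.IPv4Address(ipv4))
    return ".".join(reversed("%032x" % value)) + ".ip6.arpa."

def in_addr_arpa(ipv4):
    """in-addr.arpa name for the same IPv4 address."""
    octets = str(ipaddress.IPv4Address(ipv4)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def static_cnames(network, ttl=600):
    """One CNAME per address, i.e. what a $GENERATE-style expansion yields."""
    return ["%s %d IN CNAME %s" % (mapped_ip6_arpa(str(a)), ttl, in_addr_arpa(str(a)))
            for a in ipaddress.ip_network(network)]

def synthesize_cname(qname):
    """On-the-fly variant: derive the CNAME target from the query name.
    Returns None unless qname is a full 32-nibble name inside MAPPED_ZONE."""
    name = qname.lower()
    if not name.endswith("." + MAPPED_ZONE):
        return None
    nibbles = name[: -len(MAPPED_ZONE) - 1].split(".")
    if len(nibbles) != 8 or any(len(n) != 1 or n not in "0123456789abcdef"
                                for n in nibbles):
        return None
    hexstr = "".join(reversed(nibbles))            # back to address order
    octets = [str(int(hexstr[i:i + 2], 16)) for i in range(0, 8, 2)]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

if __name__ == "__main__":
    # Same address as in the dig output quoted above.
    print(static_cnames("1.2.3.4/32")[0])
```
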

Re: Reverse Lookups with Forwarders

2013-07-09 Thread sumsum 2000
Thanks for the info


On Tue, Jul 9, 2013 at 1:03 PM, Matus UHLAR - fantomas wrote:

> On 09.07.13 11:51, sumsum 2000 wrote:
>
>> I have a reverse lookup zone file configuration as follows:
>> zone "0/24.110.252.173.in-addr.arpa" {
>
> [...]
>
>> When I do dig -x 172.252.110.27, I expect it to forward it to
>> 10.10.96.1, but instead, it uses the default resolver.
>
> [...]
>
>> So if DNS Server X is configured against this zone,
>> then any reverse DNS request for 173.252.110.0-173.252.110.255
>> should be forwarded via DNS Server X
>>
>> Currently this is not the case. There is no forwarding in the above
>> scenario ( where CIDR notation x.x.x.x/Mask is used)
>
> Neither the BIND nor DNS does use the CIDR format.
> the recursive resolution searches for 27.110.252.173.in-addr.arpa which
> does NOT belong into 0/24.110.252.173.in-addr.arpa, they are two
> separate names.
>
> You would have to set up either zone 27.110.252.173.in-addr.arpa or
> 110.252.173.in-addr.arpa.
>
>> Only when the zone file is changed to
>>    zone "110.252.173.in-addr.arpa" IN {
>>
>> All the requests for
>>
>> 173.252.110.0-173.252.110.255  is forwarded to 10.10.96.1.
>
> Use 110.252.173.in-addr.arpa then. You should be aware that the IP range
> belongs to facebook, as already noted.
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> 99 percent of lawyers give the rest a bad name.

Re: Reverse Lookups with Forwarders

2013-07-09 Thread btb

On 2013.07.09 03.18, sumsum 2000 wrote:

> What I am trying to achieve is this:
>
> I am using BIND9 only for forwarding DNS requests to other DNS Servers.
>
> I  want the entire hosts in the
> network   : 173.252.110.0
> with the host range: 173.252.110.1 - 173.252.110.254
>   with a total 254 addresses to be sent for reverse lookup say to DNS :
> 8.8.8.8, using a single zone configuration as shown below.


yes, but what is the actual problem?  that is facebook address space - 
not yours.  why are you mucking with it?



BIND10 Upstart Script

2013-07-09 Thread Miles Brennan
Hey All.

New list user here.. Miles from Brisbane.AU, currently tinkering with BIND10
just to see what it's like and evaluate stability for potential use in a
startup.

Background: A Geek!, I authored the Linux Home Server HOWTO
(www.brennan.id.au) a few years back to make it
easier for users to build their own home environment.

I looked long and hard for a good init / upstart script for BIND10, but
ended up writing my own to suit my CentOS 6.4 environment.

I thought you might like it for your WIKI so others can start playing with
BIND10 a little more.

Usage.

- initctl start bind10
- initctl restart bind10
- initctl stop bind10

Cheers,

Miles


vi /etc/init/bind10.conf

description "BIND10 is a DNS server with DHCPv4 and DHCPv6 server support"

env PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/usr/local/libexec/bind10
export PATH

start on runlevel [345]
stop on runlevel [0126]

pre-start script
    exec logger -p user.warning -t upstart-bind10 "BIND10 daemon starting"
end script

exec b10-init --user bind --config-file /usr/local/var/bind10/b10-config.db \
   --pid-file /usr/local/var/bind10/bind10.pid \
   --msgq-socket-file /usr/local/var/bind10/msgq_socket \
   --data-path /usr/local/var/bind10 --cmdctl-port 8080

#pre-stop

post-stop exec logger -p user.warning -t upstart-bind10 "BIND10 daemon stopped"

respawn
kill timeout 30
console none


Re: Reverse Lookups with Forwarders

2013-07-09 Thread Matus UHLAR - fantomas

On 09.07.13 11:51, sumsum 2000 wrote:

> I have a reverse lookup zone file configuration as follows:
> zone "0/24.110.252.173.in-addr.arpa" {

[...]

> When I do dig -x 172.252.110.27, I expect it to forward it to
> 10.10.96.1, but instead, it uses the default resolver.

[...]

> So if DNS Server X is configured against this zone,
> then any reverse DNS request for 173.252.110.0-173.252.110.255
> should be forwarded via DNS Server X
>
> Currently this is not the case. There is no forwarding in the above
> scenario ( where CIDR notation x.x.x.x/Mask is used)

Neither the BIND nor DNS does use the CIDR format.
the recursive resolution searches for 27.110.252.173.in-addr.arpa which does
NOT belong into 0/24.110.252.173.in-addr.arpa, they are two separate names.

You would have to set up either zone 27.110.252.173.in-addr.arpa or
110.252.173.in-addr.arpa.

> Only when the zone file is changed to
>    zone "110.252.173.in-addr.arpa" IN {
>
> All the requests for
>
> 173.252.110.0-173.252.110.255  is forwarded to 10.10.96.1.

Use 110.252.173.in-addr.arpa then. You should be aware that the IP range
belongs to facebook, as already noted.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name. 
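
The point made in the reply above, that zone selection is a label-by-label suffix match on names and knows nothing about CIDR, can be checked with a small model. This Python sketch is an added example, not part of the original thread and not BIND's code; the function names are made up, and the two zone tables are transcribed from the configuration posted in this thread and from the advice given.

```python
def labels(name):
    """Lower-cased labels of a domain name; the root is the empty list."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def reverse_qname(ipv4):
    """Name that `dig -x` asks for: octets reversed under in-addr.arpa."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."

def closest_zone(qname, zones):
    """Return (zone, forwarders) for the configured zone that is the longest
    label-wise suffix of qname, or None when no zone encloses it."""
    q = labels(qname)
    best = None
    for zone, forwarders in zones.items():
        z = labels(zone)
        encloses = not z or q[-len(z):] == z
        if encloses and (best is None or len(z) > len(labels(best[0]))):
            best = (zone, forwarders)
    return best

# Forward zones as posted: "0/24" is just one more label in the zone name.
AS_POSTED = {
    ".": ["8.8.4.4"],
    "0/24.110.252.173.in-addr.arpa": ["8.8.8.8"],
}

# Forward zones as advised in the replies.
AS_ADVISED = {
    ".": ["8.8.4.4"],
    "110.252.173.in-addr.arpa": ["8.8.8.8"],
}

if __name__ == "__main__":
    qname = reverse_qname("173.252.110.27")
    for title, zones in (("as posted", AS_POSTED), ("as advised", AS_ADVISED)):
        print(title, qname, "->", closest_zone(qname, zones))
```

Only a query name that itself contains the `0/24` label, such as the RFC 2317 style `27.0/24.110.252.173.in-addr.arpa.`, falls inside the zone as posted.
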


Re: Reverse Lookups with Forwarders

2013-07-09 Thread Doug Barton
Ok, simple. The zone you want to forward is 110.252.173.in-addr.arpa. 
There is no need to make it more complicated than that.


Good luck,

Doug


On 07/09/2013 12:18 AM, sumsum 2000 wrote:

What I am trying to achieve is this:

I am using BIND9 only for forwarding DNS requests to other DNS Servers.

I  want the entire hosts in the
network   : 173.252.110.0
with the host range: 173.252.110.1 - 173.252.110.254
  with a total 254 addresses to be sent for reverse lookup say to DNS :
8.8.8.8, using a single zone configuration as shown below.

Instead of having a zone file for each and every IP in the network, i
want to use one zone file to have all the hosts  in the  network
173.252.110.0 to be forwarded to 8.8.8.8.
So when i do a dig -x 173.252.110.27 which is in the range of the
specified network, i want  it be forwarded to only 8.8.8.8

When i do  dig on a specific address, it gets resolved, but not through
the configured DNS 8.8.8.8, but through default DNS 8.8.4.4.  I hope
this explains the situation which i am trying to solve with a zone file
delegation.

I am not sure if the zone file configuration is correct.

==
dig -x 173.252.110.27,

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-14.mlos2.mwg <<>> -x 173.252.110.27
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16896
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;27.110.252.173.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
27.110.252.173.in-addr.arpa. 39    IN    PTR    edge-star-shv-13-frc1.facebook.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jul  9 07:11:49 2013
;; MSG SIZE  rcvd: 93



named.conf
==
 # named.conf
 options {
 listen-on port 53 { 127.0.0.1; };
 listen-on-v6 port 53 { ::1; };
 allow-query {localhost;};
 recursion yes;
 dump-file   "/var/named/data/cache_dump.db";
 statistics-file "/var/named/data/named_stats.txt";
 memstatistics-file "/var/named/data/named_mem_stats.txt";


 directory "/var/named";
 version "none";
 max-cache-size 134217728;
 forward only;
 };

 include "/etc/rndc.key";
 include "/etc/named.conf.test";

named.conf.test:
==
 view "default" IN {
 max-cache-ttl 600;
 max-ncache-ttl 600;

 zone  "." IN  {
 type forward;
 forwarders {8.8.4.4;};
 forward only;
 };


 zone "0/24.110.252.173.in-addr.arpa" IN {
 type forward;
 forwarders {8.8.8.8;};
 forward only;
 };
 };
~


On Tue, Jul 9, 2013 at 12:23 PM, Doug Barton <do...@dougbarton.us> wrote:

It's not at all clear from your description what you're trying to
accomplish. Particularly it's not clear what you seem to be trying
to accomplish with the 2317 delegation for a /24 zone.

Can you describe what you're trying to do, and why? It may be easier
to help you that way. Please use the actual zone(s) you're working
with, as that will also make it easier.

Doug

https://dougbarton.us/DNS/bind-users-FAQ.html#RealNames







Re: Reverse Lookups with Forwarders

2013-07-09 Thread sumsum 2000
What I am trying to achieve is this:

I am using BIND9 only for forwarding DNS requests to other DNS Servers.

I  want the entire hosts in the
network   : 173.252.110.0
with the host range: 173.252.110.1 - 173.252.110.254
 with a total 254 addresses to be sent for reverse lookup say to DNS :
8.8.8.8, using a single zone configuration as shown below.

Instead of having a zone file for each and every IP in the network, i want
to use one zone file to have all the hosts  in the  network 173.252.110.0
to be forwarded to 8.8.8.8.
So when i do a dig -x 173.252.110.27 which is in the range of the specified
network, i want  it be forwarded to only 8.8.8.8

When i do  dig on a specific address, it gets resolved, but not through the
configured DNS 8.8.8.8, but through default DNS 8.8.4.4.  I hope this
explains the situation which i am trying to solve with a zone file
delegation.

I am not sure if the zone file configuration is correct.

==
dig -x 173.252.110.27,

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-14.mlos2.mwg <<>> -x 173.252.110.27
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16896
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;27.110.252.173.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
27.110.252.173.in-addr.arpa. 39    IN    PTR    edge-star-shv-13-frc1.facebook.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jul  9 07:11:49 2013
;; MSG SIZE  rcvd: 93



named.conf
==
# named.conf
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    allow-query {localhost;};
    recursion yes;
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    directory "/var/named";
    version "none";
    max-cache-size 134217728;
    forward only;
};

include "/etc/rndc.key";
include "/etc/named.conf.test";

named.conf.test:
==
view "default" IN {
    max-cache-ttl 600;
    max-ncache-ttl 600;

    zone  "." IN  {
        type forward;
        forwarders {8.8.4.4;};
        forward only;
    };

    zone "0/24.110.252.173.in-addr.arpa" IN {
        type forward;
        forwarders {8.8.8.8;};
        forward only;
    };
};
~


On Tue, Jul 9, 2013 at 12:23 PM, Doug Barton wrote:

> It's not at all clear from your description what you're trying to
> accomplish. Particularly it's not clear what you seem to be trying to
> accomplish with the 2317 delegation for a /24 zone.
>
> Can you describe what you're trying to do, and why? It may be easier to
> help you that way. Please use the actual zone(s) you're working with, as
> that will also make it easier.
>
> Doug
>
> https://dougbarton.us/DNS/bind-users-FAQ.html#RealNames
>