Re: query issue
On 29/03/2012 17:35, Paul A wrote: Hi Paul, However when I query kingstonmass.org I don't see any returned answer and it eventually times out. 11:03:34.310559 2002:c690:8cc6:c:206:5bff:fe8e:334d.54795 b2.org.afilias-nst.org.domain: 54297 NS? kingstonmass.org. (34) Again when querying this with my other DNS server it works fine. On the server I'm having issues with I can ping all the pingable org servers and the NS servers for the domain in question. I notice that the query is going out with an IPv6 source address. Do you have any firewalls or router ACLs blocking DNS back to IPv6 addresses in your network? I also note that kingstonmass.org has delegation to 2 name servers in the ORG zone, but 3 name servers at its apex. The additional name server, mns01.domaincontrol.com, gives a REFUSED response to a query for the domain. Regards, Anand Buddhdev RIPE NCC ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: query issue
Looking further into this I do have an ipv6 on that server, a 6to4 ip (which I didn't configure and I have to figure out how it got there). However I notice sometimes the query goes out as ipv6 6to4 ip and sometimes as an ipv4 but I'm not sure why that is if anyone can explain why some queries are sourced from the 6to4 ipv6 instead of the ipv4 ip that would be great. Looks like when it goes out as a ipv6 6to4 ip I'm not getting a returned answers which makes sense because I have no relay routers for ipv6 packets coming in. paul -Original Message- From: bind-users-bounces+pamaral=meganet@lists.isc.org [mailto:bind-users-bounces+pamaral=meganet@lists.isc.org] On Behalf Of Anand Buddhdev Sent: Thursday, March 29, 2012 11:46 AM To: Paul A Cc: bind-us...@isc.org Subject: Re: query issue On 29/03/2012 17:35, Paul A wrote: Hi Paul, However when I query kingstonmass.org I don't see any returned answer and it eventually times out. 11:03:34.310559 2002:c690:8cc6:c:206:5bff:fe8e:334d.54795 b2.org.afilias-nst.org.domain: 54297 NS? kingstonmass.org. (34) Again when querying this with my other DNS server it works fine. On the server I'm having issues with I can ping all the pingable org servers and the NS servers for the domain in question. I notice that the query is going out with an IPv6 source address. Do you have any firewalls or router ACLs blocking DNS back to IPv6 addresses in your network? I also note that kingstonmass.org has delegation to 2 name servers in the ORG zone, but 3 name servers at its apex. The additional name server, mns01.domaincontrol.com, gives a REFUSED response to a query for the domain. Regards, Anand Buddhdev RIPE NCC ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: query issue
On 3/29/2012 11:45 AM, Anand Buddhdev wrote: On 29/03/2012 17:35, Paul A wrote: Hi Paul, However when I query kingstonmass.org I don't see any returned answer and it eventually times out. 11:03:34.310559 2002:c690:8cc6:c:206:5bff:fe8e:334d.54795 b2.org.afilias-nst.org.domain: 54297 NS? kingstonmass.org. (34) Again when querying this with my other DNS server it works fine. On the server I'm having issues with I can ping all the pingable org servers and the NS servers for the domain in question. I notice that the query is going out with an IPv6 source address. Specifically, a 6to4 address, with 198.144.140.198 (otherwise known as c690:8cc6) as the IPv4 endpoint of the tunnel. This was originally specified in RFC 3056 (http://www.rfc-editor.org/rfc/rfc3056.txt), but more recently there has been an informational RFC (http://www.rfc-editor.org/rfc/rfc6343.txt) enumerating the many problems associated with 6to4, and casting doubt on its long-term viability as an IPv4-to-IPv6 transition mechanism - Kevin ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: query issue
At 08:45 29-03-2012, Anand Buddhdev wrote: I also note that kingstonmass.org has delegation to 2 name servers in the ORG zone, but 3 name servers at its apex. The additional name server, mns01.domaincontrol.com, gives a REFUSED response to a query for the domain. From mns01.domaincontrol.com: ;; ANSWER SECTION: kingstonmass.org. 3600IN NS mns02.domaincontrol.com. kingstonmass.org. 3600IN NS mns01.domaincontrol.com. ns1.gis.net and ns2.gis.net return a different answer. Regards, -sm ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: query issue
Aside from the NS issue the problem was def related to having an 6to4 ipv6 address on the eth0 interface of my name server. Once I removed that ipv6 ip all is working well. Which leaves me with some questions, Does bind try on an ipv6 addr 1st? I suspect it does. The name servers for the domain below on the whois are ns2/ns1/gis.net so I should have been querying those servers which don't have ipv6 addr however they have an NS record in the zone pointing to mns01.domaincontrol.com which has an ipv6 addr but it's not listed on the whois output. Basically im not sure why my queries for kingstonmass.org where being sourced from an ipv6. ;; ANSWER SECTION: kingstonmass.org. 3387IN NS ns2.gis.net. kingstonmass.org. 3387IN NS ns1.gis.net. kingstonmass.org. 3387IN NS mns01.domaincontrol.com. ;; ADDITIONAL SECTION: mns01.domaincontrol.com. 67665 IN A 216.69.185.34 mns01.domaincontrol.com. 67665 IN 2607:f208:206::22 thanks Paul -Original Message- From: bind-users-bounces+pamaral=meganet@lists.isc.org [mailto:bind-users-bounces+pamaral=meganet@lists.isc.org] On Behalf Of SM Sent: Thursday, March 29, 2012 1:14 PM To: bind-us...@isc.org Subject: Re: query issue At 08:45 29-03-2012, Anand Buddhdev wrote: I also note that kingstonmass.org has delegation to 2 name servers in the ORG zone, but 3 name servers at its apex. The additional name server, mns01.domaincontrol.com, gives a REFUSED response to a query for the domain. From mns01.domaincontrol.com: ;; ANSWER SECTION: kingstonmass.org. 3600IN NS mns02.domaincontrol.com. kingstonmass.org. 3600IN NS mns01.domaincontrol.com. ns1.gis.net and ns2.gis.net return a different answer. Regards, -sm ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: query issue
In message 012901cd0de7$fcf45590$f6dd00b0$@net, Paul A writes: Aside from the NS issue the problem was def related to having an 6to4 ipv6 address on the eth0 interface of my name server. Once I removed that ipv6 ip all is working well. Which leaves me with some questions, Does bind try on an ipv6 addr 1st? I suspect it does. All things being equal, yes it will try IPv6 first. However most of the time there is some history and it will make other decisions. The name servers for the domain below on the whois are ns2/ns1/gis.net so I should have been querying those servers which don't have ipv6 addr however they have an NS record in the zone pointing to mns01.domaincontrol.com which has an ipv6 addr but it's not listed on the whois output. Basically im not sure why my queries for kingstonmass.org where being sourced from an ipv6. The queries are sent to that address because named has learnt that mns01.domaincontrol.com has a IPv6 address. mns01.domaincontrol.com isn't responding to me over IPv6 either. ;; ANSWER SECTION: kingstonmass.org. 3387IN NS ns2.gis.net. kingstonmass.org. 3387IN NS ns1.gis.net. kingstonmass.org. 3387IN NS mns01.domaincontrol.com. ;; ADDITIONAL SECTION: mns01.domaincontrol.com. 67665 IN A 216.69.185.34 mns01.domaincontrol.com. 67665 IN 2607:f208:206::22 thanks Paul -Original Message- From: bind-users-bounces+pamaral=meganet@lists.isc.org [mailto:bind-users-bounces+pamaral=meganet@lists.isc.org] On Behalf Of SM Sent: Thursday, March 29, 2012 1:14 PM To: bind-us...@isc.org Subject: Re: query issue At 08:45 29-03-2012, Anand Buddhdev wrote: I also note that kingstonmass.org has delegation to 2 name servers in the ORG zone, but 3 name servers at its apex. The additional name server, mns01.domaincontrol.com, gives a REFUSED response to a query for the domain. From mns01.domaincontrol.com: ;; ANSWER SECTION: kingstonmass.org. 3600IN NS mns02.domaincontrol.com. kingstonmass.org. 3600IN NS mns01.domaincontrol.com. ns1.gis.net and ns2.gis.net return a different answer. Regards, -sm ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
