subject:"Re\: How to disable ipv6 in Lenny to avoid 1.0.0.0 in name resolution for AAAA type queries\?"

Re: How to disable ipv6 in Lenny to avoid 1.0.0.0 in name resolution for AAAA type queries?

2007-12-15 Thread Michael Richardson

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


> "Amogh" == Amogh Hooshdar <[EMAIL PROTECTED]> writes:
Amogh> Could you please provide an example of a DNS server which I
Amogh> can install using aptitude? Is bind or bind9 fine for this
Amogh> job?

  Yes. But, "lwresd" package is a local DNS server (a profile for bind9
really) which might be easier to use. Maybe.
 
  I'm not clear on the problem:

  As I understand it, the resolver that you are told to use by your ISP
can not handle responses which include  records?

- --
]Bear: "Me, I'm just the shape of a bear."  |  firewalls  [
]   Michael Richardson,Xelerance Corporation, Ottawa, ON|net architect[
] [EMAIL PROTECTED]  http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBR2Qh+ICLcPvd0N1lAQIOSwgAgg4Z1pDlnINGLXobqn6OHZvDr5VeAwh/
117Wj9Gr3/9Ni20Pm431DgIudZpDM2I5zC+G7Pfw/Tg5BmFyq/I/qdo8/GPY5/Uk
wRhbO7vFL7Av3AD5jscXFh5WMGWn7pq3c627zlNnnIhHkXTI5UQXxbMfq5Qyuir0
hNWqPgG7dw1kgY/QpNYZRe7qCcpjKp041woHvv2pf7kj4bZXQ6CkxnMG8Gl6krKI
grBob/RjVEyevBgSR3Il19hXExy2UYUuc8+/ta5+pDaczKjohJmXT3p2swrsP2tS
qSSfjQVr4mRodYA3ipRoq9EDLkxLjQ16ztcBO+DYJ+qKG4UYtbkQzQ==
=kjHT
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: How to disable ipv6 in Lenny to avoid 1.0.0.0 in name resolution for AAAA type queries?

2007-12-15 Thread Kurt Roeckx

On Sat, Dec 15, 2007 at 09:47:08PM +0530, Amogh Hooshdar wrote:
> Could you please provide an example of a DNS server which I can
> install using aptitude? Is bind or bind9 fine for this job?
> 
> I wonder why this problem doesn't occur with Ubuntu. If the community
> would be interested, I can send some logs from both my Debian and
> Ubuntu system for comparision. Or should I raise this discussion in
> Debian bugs?

See:
http://lists.debian.org/debian-ipv6/2007/07/msg2.html


Kurt


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: How to disable ipv6 in Lenny to avoid 1.0.0.0 in name resolution for AAAA type queries?

2007-12-15 Thread Amogh Hooshdar

Here are some outputs from Ubuntu that works fine (sends A queries
only) with ipv6 enabled and Debian that does not work fine (sends 
queries) with my DNS server. I have generated this output with the
default settings of both Ubuntu and Debian. So, in the outputs below,
you'll see ipv6 enabled in Debian. However, with ipv6 disabled in
/etc/modprobe.d/aliases, the output remains similar and Debian does
not work with my DNS server.

UBUNTU OUTPUTS:-

$ lsmod | grep ipv6
ipv6  307072  10

$ sudo grep -R ipv6 /etc/
/etc/modprobe.d/aliases:alias net-pf-10 ipv6
/etc/mono/2.0/machine.config:   
/etc/mono/1.0/machine.config:   
/etc/protocols:ipv6 41  IPv6# Internet Protocol, version 6
/etc/protocols:ipv6-route 43IPv6-Route  # Routing Header for IPv6
/etc/protocols:ipv6-frag 44 IPv6-Frag   # Fragment Header for IPv6
/etc/protocols:ipv6-icmp 58 IPv6-ICMP   # ICMP for IPv6
/etc/protocols:ipv6-nonxt 59IPv6-NoNxt  # No Next Header for IPv6
/etc/protocols:ipv6-opts 60 IPv6-Opts   # Destination Options for IPv6
Binary file /etc/alternatives/cli matches
Binary file /etc/alternatives/www-browser matches
/etc/ppp/ipv6-up:if [ -x /etc/ppp/ipv6-up.local ]; then
/etc/ppp/ipv6-up:  exec /etc/ppp/ipv6-up.local "$*"
/etc/ppp/ipv6-up:run-parts /etc/ppp/ipv6-up.d \
/etc/ppp/ipv6-down:if [ -x /etc/ppp/ipv6-down.local ]; then
/etc/ppp/ipv6-down:  exec /etc/ppp/ipv6-down.local "$*"
/etc/ppp/ipv6-down:run-parts /etc/ppp/ipv6-down.d \
/etc/avahi/avahi-daemon.conf:use-ipv6=no
/etc/avahi/avahi-daemon.conf:#publish-a-on-ipv6=no
/etc/sysctl.conf:#net.ipv6.conf.default.forwarding=1
Binary file /etc/X11/X matches

$ cat /etc/resolv.conf
nameserver 192.168.1.1

$ ls -l /etc/resolv.conf
-rw-r--r-- 1 root root 23 2007-12-15 23:41 /etc/resolv.conf

DEBIAN OUTPUTS:-

# lsmod | grep ipv6
ipv6  213856  19

# grep -R ipv6 /etc/ 2> /dev/null
Binary file /etc/dosemu/drives/d/tmp/etherKM1kmz matches
Binary file /etc/dosemu/drives/c/tmp/etherKM1kmz matches
/etc/protocols:ipv6 41  IPv6# Internet Protocol, version 6
/etc/protocols:ipv6-route 43IPv6-Route  # Routing Header for IPv6
/etc/protocols:ipv6-frag 44 IPv6-Frag   # Fragment Header for IPv6
/etc/protocols:ipv6-icmp 58 IPv6-ICMP   # ICMP for IPv6
/etc/protocols:ipv6-nonxt 59IPv6-NoNxt  # No Next Header for IPv6
/etc/protocols:ipv6-opts 60 IPv6-Opts   # Destination Options for IPv6
/etc/avahi/avahi-daemon.conf:use-ipv6=no
/etc/avahi/avahi-daemon.conf:#publish-a-on-ipv6=no
Binary file /etc/X11/X matches
Binary file /etc/alternatives/php matches
Binary file /etc/alternatives/www-browser matches
Binary file /etc/alternatives/emacs matches
Binary file /etc/selinux/refpolicy-targeted/modules/active/base.linked matches
Binary file /etc/selinux/refpolicy-targeted/modules/active/base.pp matches
/etc/selinux/refpolicy-targeted/modules/active/file_contexts.template:/etc/ppp/ipv6-up\..*
 --  system_u:object_r:bin_t:s0
/etc/selinux/refpolicy-targeted/modules/active/file_contexts.template:/etc/ppp/ipv6-down\..*
   --  system_u:object_r:bin_t:s0
/etc/selinux/refpolicy-targeted/modules/active/file_contexts:/etc/ppp/ipv6-up\..*
  --  system_u:object_r:bin_t:s0
/etc/selinux/refpolicy-targeted/modules/active/file_contexts:/etc/ppp/ipv6-down\..*
--  system_u:object_r:bin_t:s0
Binary file /etc/selinux/refpolicy-targeted/modules/previous/base.linked matches
Binary file /etc/selinux/refpolicy-targeted/modules/previous/base.pp matches
/etc/selinux/refpolicy-targeted/modules/previous/file_contexts.template:/etc/ppp/ipv6-up\..*
   --  system_u:object_r:bin_t:s0
/etc/selinux/refpolicy-targeted/modules/previous/file_contexts.template:/etc/ppp/ipv6-down\..*
 --  system_u:object_r:bin_t:s0
/etc/selinux/refpolicy-targeted/modules/previous/file_contexts:/etc/ppp/ipv6-up\..*
--  system_u:object_r:bin_t:s0
/etc/selinux/refpolicy-targeted/modules/previous/file_contexts:/etc/ppp/ipv6-down\..*
  --  system_u:object_r:bin_t:s0
/etc/selinux/refpolicy-targeted/contexts/files/file_contexts:/etc/ppp/ipv6-up\..*
  --  system_u:object_r:bin_t:s0
/etc/selinux/refpolicy-targeted/contexts/files/file_contexts:/etc/ppp/ipv6-down\..*
--  system_u:object_r:bin_t:s0
/etc/security/access.conf:# User "john" should get access from ipv4 as
ipv6 net/mask
/etc/security/access.conf:# User "john" should get access from ipv6 host address
/etc/security/access.conf:# User "john" should get access from ipv6
host address (same as above)
/etc/security/access.conf:# User "john" should get access from ipv6 net/mask
/etc/sysctl.conf:#net.ipv6.ip_forward=1
/etc/modprobe.d/aliases:alias net-pf-10 ipv6

# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.1.1

# ls -l /etc/resol

Re: How to disable ipv6 in Lenny to avoid 1.0.0.0 in name resolution for AAAA type queries?

2007-12-15 Thread Gerdriaan Mulder

Hello Amogh,

As far as I know, there is not an easy way to disable ipv6 completely.
On a Dutch forum
(http://forum.pc-active.nl/viewtopic.php?p=171245&highlight=ipv6#171245)
According to some posters, glibc causes this undesirable effect.
Apparently there is no flag to be set to disable IPv6 lookups and when
you try to remove everything related to IPv6 in glibc, the API will
break; so that isn't an option either.
The guy here: http://www.webservertalk.com/archive291-2005-9-1103159.html
has solved it through adding the two lines to /etc/modprobe.conf, but
you did it in /etc/modprobe.d. I wouldn't see the difference, though.

Unless someone in the glibc community tries to solve this (i.e. adding
such a disableIPv6 flag in the source) I don't think you can totally
stop these IPv6 requests

Greetings
On 12/15/07, Amogh Hooshdar <[EMAIL PROTECTED]> wrote:
> I am using Debian Lenny.
>
> $ uname -a
> Linux mylappy 2.6.18-4-486 #1 Wed May 9 22:23:40 UTC 2007 i686 GNU/Linux
>
> I changed the "alias net-pf-10 ipv6" line to the following two lines.
>
> alias net-pf-10 off
> alias ipv6 off
>
> After rebooting, I checked: lsmod | grep ipv6. Sure enough it is gone
> and the command gives nil output. But when I use bitchx or pidgin to
> connect to irc.freenode.net, I can still see DNS  irc.freenode.net
> type of queries.As a result our DNS server that can't handle
> ipv6 returns 1.0.0.0 as the address and the clients don't work.
>
> (1) First I tried making these changes /etc/modprobe.d/aliases - Result:
> problem persists (Yes, I did reboot after the changes)
>
> (2) Next, I tried adding the two alias off lines in
> /etc/modeprobe.d/00local - Result: problem persists.
>
> (3) Finally, I added the line "blacklist ipv6" towards the top (5th line)
> of /etc/modeprobe.d/blacklist -  Result: still the problem persists.
>
> I have also tried the following as per some suggestions:-
>
> 1. commenting out ipv6 related lines in /etc/hosts
> 2. /etc/init.d/avahi-daemon stop
>
> But they didn't help.
>
> I have succeeded to make Iceweasel work by setting
> network.dns.disableIPv6=true in about:config. But I need a OS-wide
> solution so that all my network apps do not send ipv6 DNS  type
> requests and they work successfully.
>
> Please help me to disable ipv6 completely.
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>
>

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: How to disable ipv6 in Lenny to avoid 1.0.0.0 in name resolution for AAAA type queries?

2007-12-15 Thread Bastian Blank

On Sat, Dec 15, 2007 at 08:21:13PM +0530, Amogh Hooshdar wrote:
> After rebooting, I checked: lsmod | grep ipv6. Sure enough it is gone
> and the command gives nil output. But when I use bitchx or pidgin to
> connect to irc.freenode.net, I can still see DNS  irc.freenode.net
> type of queries.As a result our DNS server that can't handle
> ipv6 returns 1.0.0.0 as the address and the clients don't work.

This is done by the glibc and can't be disabled. Fix your dns server.
What piece of crap is that anyway which returns such data? A dns server
have to return proper errors if it is not able to handle specific
responses.

> (1) First I tried making these changes /etc/modprobe.d/aliases - Result:
> problem persists (Yes, I did reboot after the changes)

This only changes the module loading. So you don't find the ipv6 module
loaded.

> I have succeeded to make Iceweasel work by setting
> network.dns.disableIPv6=true in about:config. But I need a OS-wide
> solution so that all my network apps do not send ipv6 DNS  type
> requests and they work successfully.

Use an external dns if your own is broken.

Bastian

-- 
It would seem that evil retreats when forcibly confronted.
-- Yarnek of Excalbia, "The Savage Curtain", stardate 5906.5


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: How to disable ipv6 in Lenny to avoid 1.0.0.0 in name resolution for AAAA type queries?

2007-12-15 Thread Amogh Hooshdar

Could you please provide an example of a DNS server which I can
install using aptitude? Is bind or bind9 fine for this job?

I wonder why this problem doesn't occur with Ubuntu. If the community
would be interested, I can send some logs from both my Debian and
Ubuntu system for comparision. Or should I raise this discussion in
Debian bugs?

On Dec 15, 2007 9:40 PM, Nicolás Ruiz <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hello:
>
> Amogh Hooshdar wrote:
> > I am using Debian Lenny.
> >
> > $ uname -a
> > Linux mylappy 2.6.18-4-486 #1 Wed May 9 22:23:40 UTC 2007 i686 GNU/Linux
> >
> > I changed the "alias net-pf-10 ipv6" line to the following two lines.
>
> That's an interesting problem, and although I don't have an answer, I
> can tell you that disabling the IPv6 module would not solve the problem.
> You see, the IPv6 module only controls the handling of ipv6 packets sent
> or received, while your problem is generating  queries. Since the
>  queries can be - and in this case are - transported over IPv4, it's
> not working.
>
> The solution should involve the resolver library, which you control via
> /etc/resolv.conf. As far as I can tell, there is no system-wide way to
> prevent the use of IPv6, so no luck there.
>
> The only way I can think of (if you can't just update the DNS server to
> be able to handle IPv6 requests) is to install a local DNS server in
> your own laptop, disable handling (and querying) of  records in the
> DNS server and make it recursive. Finally, point your resolver
> (/etc/resolv.conf) only to your local DNS server.
>
> hope it helps
> nicolás
>
> >
> > alias net-pf-10 off
> > alias ipv6 off
> >
> > After rebooting, I checked: lsmod | grep ipv6. Sure enough it is gone
> > and the command gives nil output. But when I use bitchx or pidgin to
> > connect to irc.freenode.net, I can still see DNS  irc.freenode.net
> > type of queries.As a result our DNS server that can't handle
> > ipv6 returns 1.0.0.0 as the address and the clients don't work.
> >
> > (1) First I tried making these changes /etc/modprobe.d/aliases - Result:
> > problem persists (Yes, I did reboot after the changes)
> >
> > (2) Next, I tried adding the two alias off lines in
> > /etc/modeprobe.d/00local - Result: problem persists.
> >
> > (3) Finally, I added the line "blacklist ipv6" towards the top (5th line)
> > of /etc/modeprobe.d/blacklist -  Result: still the problem persists.
> >
> > I have also tried the following as per some suggestions:-
> >
> > 1. commenting out ipv6 related lines in /etc/hosts
> > 2. /etc/init.d/avahi-daemon stop
> >
> > But they didn't help.
> >
> > I have succeeded to make Iceweasel work by setting
> > network.dns.disableIPv6=true in about:config. But I need a OS-wide
> > solution so that all my network apps do not send ipv6 DNS  type
> > requests and they work successfully.
> >
> > Please help me to disable ipv6 completely.
> >
> >
>
> - --
> A: Because it destroys the flow of conversation.
> Q: Why is top posting dumb?
> - --
> Juan Nicolás Ruiz| Corporación Parque Tecnológico de Mérida
> [EMAIL PROTECTED]   | Mérida - Venezuela
> PGP Key fingerprint = CDA7 9892 50F7 22F8 E379  08DA 9A3B 194B D641 C6FF
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHY/x1mjsZS9ZBxv8RAhE0AJ9opHebffgxAkeyybFQ7YJomkktHQCdE07E
> oZrtknyvbAeHmRWIva7Thqs=
> =9OBd
> -END PGP SIGNATURE-
>
>

Re: How to disable ipv6 in Lenny to avoid 1.0.0.0 in name resolution for AAAA type queries?

Re: How to disable ipv6 in Lenny to avoid 1.0.0.0 in name resolution for AAAA type queries?

Re: How to disable ipv6 in Lenny to avoid 1.0.0.0 in name resolution for AAAA type queries?

Re: How to disable ipv6 in Lenny to avoid 1.0.0.0 in name resolution for AAAA type queries?

Re: How to disable ipv6 in Lenny to avoid 1.0.0.0 in name resolution for AAAA type queries?

Re: How to disable ipv6 in Lenny to avoid 1.0.0.0 in name resolution for AAAA type queries?

6 matches

Site Navigation

Mail list logo

Footer information