Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Chris H.

Quoting Mark Andrews [EMAIL PROTECTED]:




Quoting Mark Andrews [EMAIL PROTECTED]:


 Quoting Andy Dills [EMAIL PROTECTED]:

  On Mon, 3 Mar 2008, Chris H. wrote:
 
   Are you sure it's a /24 you are talking about? My 7.0 disks install
   127.0.0.1/8 here.
 
  Really? Where did you get the install disc? Mine clearly doesn't. :(
  All I am provided is 127.0.0.1 - not 127.0.0.2,3...
 
  127.0.0.1/8 just means 127.0.0.1 with a netmask of 255.0.0.0. It doesn't
  imply a default behavior of binding to any other address than 127.0.0.1.
 
  But I'm still really confused what you're trying to do...
 
  See, the idea of returning multiple 127.0.0.X addresses within RBL is to
  convey different information while using a single zone.
 
  In the beginning, the RBLs would just reply with 127.0.0.1 and use
  different zones to imply different contexts...now you use a single zone
  with different 127.0.0.X addresses to convey the same information.
 
  But...you don't actually do anything with that resolution beyond determine
  if a given record is listed or not. You don't actually need to configure
  or use the various 127.0.0.X addresses that might get returned.
 
  On the other hand, if you're using multiple rbldnsd instances, one per
  zone... while it's a pain you can indeed configure rbldns to serve
  multiple zones. Or just bind the additional loopback instances

 Precisely! Sorry I apparently wasn't clearer in the beginning.
 According to my conversations with the author of rbldnsd, rbldnsd was
 returning REFUSED to all my requests on my FBSD-7 server.
 Because it was unable to communicate on 127.0.0.2.

If it returned REFUSED it could communicate.  REFUSED is a
DNS rcode so the packet went to the server and a reply was
returned.  This is a problem with an access control list in
the rbldnsd configuration.  I can tell you that without
ever having run rbldnsd.


Yes, of course. Sorry, my bad. RBLDNSD's /log/ files contain REFUSED.
The dig, host, nslookup queries return

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58463
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

Sorry. I should have taken more time to answer.

--Chris H


Which doesn't change the diagnosis.

You are talking to the caching server which is talking to
rbldnsd which returns REFUSED.  When the caching server
runs out of servers to try it returns SERVFAIL to the
original querier.


Hello Mark. Thank you for your thoughtful reply.
FWIW I'm hosting my own zone, out of my domain's address using a
different host name. I'm simply forwarding the requests to a different
port, so as to prevent port collision with the BIND. The zones are
answered out of 127.0.0.2 || 3.
I have absolutely no idea why FBSD v7 (on 2 machines) will only
dole out 127.0.0.1, while all my other servers running RELENG_6 all
dole out a /minimum/ of 127.0.0.1/8 by default. But, having just now
modified the default rc for ifconfig_lo0 to a 255.255.255.0 netmask
now makes a different response when querying rbldnsd.
Sending:
dig -p530 @my-domain.COM \
some IP in the zone.blackhole.my-domain.COM
now returns:
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1673
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
The following query:
dig -p530 +norec @blackhole.my-domain.COM \
some IP in the zone.blackhole.my-domain.COM -t txt

Returns the same. So, adding the additional addresses on lo0
at least eliminated the NXDOMAIN. But of course, still no joy.
OH, and no, I'm not using an auth file (zone). Didn't need one
on the working v6 server, and see no reason to think I should
need one here.

Thank you again, for your thoughtful response.

--Chris H

P.S. Right out of the BIND FAQ:
zone "blackhole.my-domain.COM" {
    type forward;
    forward only;
    forwarders { my servers primary IP port 530; };
};



P.S. you can test the rbldnsd directly if you want.

dig -p port +norec @address query

Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]





--
panic: kernel trap (ignored)



___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Kris Kennaway

Chris H. wrote:

Greetings,
I'm having some difficulty working with anything past 127.0.0.1.
It seems impossible to use (create) any addresses on the loopback
past 127.0.0.1.


What evidence do you have for this?  Show your ifconfig commands, etc.

I use 127/8 addresses all the time without problems.

Kris


Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Jeremy Chadwick
On Tue, Mar 04, 2008 at 12:03:20AM -0800, Chris H. wrote:
 I have absolutely no idea why FBSD v7 (on 2 machines) will only
 dole out 127.0.0.1, while all my other servers running RELENG_6 all
 dole out a /minimum/ of 127.0.0.1/8 by default. But, having just now
 modified the default rc for ifconfig_lo0 to a 255.255.255.0 netmask
 now makes a different response when querying rbldnsd.

Okay, let's back up here.

The reason your FreeBSD machines don't respond on addresses other than
127.0.0.1 is because your lo0 interface does not have 127.0.0.2 and
127.0.0.3 addresses bound to them.  These are called IP aliases.  To add
them, do the following:

  # ifconfig lo0 inet 127.0.0.2 netmask 255.255.255.255 alias
  # ifconfig lo0 inet 127.0.0.3 netmask 255.255.255.255 alias

The netmask specified on an alias line is important!  Use what I showed;
do not argue.  And yes, Linux does it differently.

To make this work on bootup, add the following to rc.conf:

  ifconfig_lo0_alias0="inet 127.0.0.2 netmask 255.255.255.255"
  ifconfig_lo0_alias1="inet 127.0.0.3 netmask 255.255.255.255"

You do not need an ifconfig_lo0 line in /etc/rc.conf; there is already
one in /etc/defaults/rc.conf which will be used correctly.

Secondly, on both RELENG_6 and RELENG_7, when the 127.0.0.1 address is
assigned to lo0, the netmask used is 255.0.0.0.  Evidence:

$ uname -r
6.3-PRERELEASE
$ grep lo0 /etc/rc.conf
$ grep lo0 /etc/defaults/rc.conf
ifconfig_lo0="inet 127.0.0.1"   # default loopback device configuration.
#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
$ ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000

$ uname -r
7.0-STABLE
$ grep lo0 /etc/rc.conf
$ grep lo0 /etc/defaults/rc.conf
ifconfig_lo0="inet 127.0.0.1"   # default loopback device configuration.
#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
$ ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet 127.0.0.1 netmask 0xff000000

Thirdly, it's pretty apparent you don't understand what a netmask does.
Machines don't dole out 127.0.0.1/8 -- this phrase makes no sense.

A netmask is what defines a region of IP address space in which a
machine within said region will honour packets within.  More
specifically: it tells the machine for any IP address you have bound to
this interface, respond to packets destined to the broadcast address of
that network region.

For example, if you had a network region of 192.168.1.0/24 (in English,
the region would be 192.168.1.0 to 192.168.1.255), your broadcast
address would be 192.168.1.255.  Your network address is 192.168.1.0,
but that's for another discussion.

If you put a machine on that network as 192.168.1.200, and give it a
netmask of 255.255.255.0, it will respond to any packets destined to
192.168.1.100 (obviously), but will also respond to packets destined to
the broadcast address (192.168.1.255).

If you then put another box on the network as 192.168.1.7, and give it a
netmask of 255.255.255.128 (/25), it should not be able to see
192.168.1.200.  Broadcast packets from 192.168.1.7 would be going to
192.168.1.128 (its view of the network would be 192.168.1.0 to
192.168.1.128).

This is a completely different beast than IP aliasing, but hopefully my
explanation helps regardless.

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |
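
The distinction drawn in the message above, between an address that is actually bound to lo0 and one that merely falls inside a bound address's netmask, as an added example that is not part of the original mail. The `ifconfig` sample is constructed, and the function names and state labels are illustrative assumptions.

```shell
#!/bin/sh
# Added example: is an address bound to lo0, or only covered by a netmask?

# Constructed sample in the shape of FreeBSD `ifconfig lo0` output:
# the stock 127.0.0.1/8 plus one /32 alias of the kind shown in the mail.
SAMPLE_IFCONFIG='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	inet6 ::1 prefixlen 128
	inet 127.0.0.1 netmask 0xff000000
	inet 127.0.0.2 netmask 0xffffffff'

# ip_to_int A.B.C.D: print the address as a 32-bit integer; fail on bad input.
ip_to_int() {
    case $1 in
        *[!0-9.]* | *..* | .* | *. | "") return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split into octets (input is digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # leading zero would parse as octal
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# classify_addr ADDR: read ifconfig output on stdin and print one of
#   bound              ADDR is assigned to the interface
#   covered-not-bound  ADDR lies inside a bound address's netmask, but is
#                      not assigned; it still needs an alias to be usable
#   unrelated          ADDR is outside every netmask on the interface
#   invalid            ADDR is not a dotted quad
classify_addr() {
    want=$(ip_to_int "$1") || { echo invalid; return 1; }
    state=unrelated
    while read -r family addr keyword mask rest; do
        [ "$family" = inet ] || continue
        [ "$keyword" = netmask ] || continue
        case $mask in
            0x*[!0-9a-fA-F]*) continue ;;   # not a clean hex netmask
            0x?*) ;;
            *) continue ;;
        esac
        have=$(ip_to_int "$addr") || continue
        m=$(( $mask ))
        if [ "$have" -eq "$want" ]; then
            state=bound
            break
        elif [ $(( have & m )) -eq $(( want & m )) ]; then
            state=covered-not-bound
        fi
    done
    echo "$state"
}

# audit_addrs IFCONFIG_TEXT ADDR...: print "ADDR STATE" per address and,
# for covered-not-bound ones, the alias command from the mail above.
audit_addrs() {
    text=$1
    shift
    for a in "$@"; do
        st=$(printf '%s\n' "$text" | classify_addr "$a")
        printf '%s %s\n' "$a" "$st"
        if [ "$st" = covered-not-bound ]; then
            printf '  # ifconfig lo0 inet %s netmask 255.255.255.255 alias\n' "$a"
        fi
    done
}

audit_addrs "$SAMPLE_IFCONFIG" 127.0.0.1 127.0.0.2 127.0.0.3 192.168.1.200
```

On a live system the same check runs as `ifconfig lo0 | classify_addr 127.0.0.3`.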



Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Chris H.

Quoting Kris Kennaway [EMAIL PROTECTED]:


Chris H. wrote:

Greetings,
I'm having some difficulty working with anything past 127.0.0.1.
It seems impossible to use (create) any addresses on the loopback
past 127.0.0.1.


What evidence do you have for this?  Show your ifconfig commands, etc.



Anything you like.


I use 127/8 addresses all the time without problems.


Yes, I have heard that from several people on the list.

The only reference to lo0 I have is in /etc/defaults/rc.conf:
ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
#ifconfig_ed0_ipx="ipx 0x00010010" # Sample IPX address family entry.
#ifconfig_fxp0_name="net0" # Change interface name from fxp0 to net0.
#ipv4_addrs_fxp0="192.168.0.1/24 192.168.1.1-5/28" # example IPv4 address entry.


Neither server has anything other than this.
The RELENG_6 server acts as everyone else has responded
(including yourself).
But the 7-RC3 server, and 7-B4 server, both provide only 127.0.0.1

Dunno what to think. In my desperation to get this application
running as it did on the RELENG_6 server; I added the following
to /etc/rc.conf
ifconfig_lo0="inet 127.0.0.1   netmask 255.255.255.0"

Killed the BIND, and then ran /etc/netstart
and I discovered I have all the 127's I will ever need.
I then restarted the BIND and the application I'm trying to
get working.

Anyhow. I didn't intend to spam the list with the application
issues. I'm simply trying to discover why the loopback block
isn't functioning the same on my recent 7 installs as it has
always functioned in the past.

I'll be happy to provide any further details/data anyone
might require.

Thanks for taking the time to respond.

--Chris H




Kris


Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Jeremy Chadwick
On Tue, Mar 04, 2008 at 01:52:46AM -0800, Jeremy Chadwick wrote:
 If you put a machine on that network as 192.168.1.200, and give it a
 netmask of 255.255.255.0, it will respond to any packets destined to
 192.168.1.100 (obviously), but will also respond to packets destined to
 the broadcast address (192.168.1.255).

Argh.  The line:

... it will respond to any packets destined to 192.168.1.100 ...

Should have read:

... it will respond to any packets destined to 192.168.1.200 ...

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Jeremy Chadwick
On Tue, Mar 04, 2008 at 01:52:46AM -0800, Jeremy Chadwick wrote:
 If you then put another box on the network as 192.168.1.7, and give it a
 netmask of 255.255.255.128 (/25), it should not be able to see
 192.168.1.200.  Broadcast packets from 192.168.1.7 would be going to
 192.168.1.128 (its view of the network would be 192.168.1.0 to
 192.168.1.128).

And this is also wrong (off-by-one on the broadcast address).  It should
have read:

 If you then put another box on the network as 192.168.1.7, and give it a
 netmask of 255.255.255.128 (/25), it should not be able to see
 192.168.1.200.  Broadcast packets from 192.168.1.7 would be going to
 192.168.1.127 (its view of the network would be 192.168.1.0 to
 192.168.1.127).

This is what I get for handling two MPLS network outages at the same
time while trying to write this mail.

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Tom Evans
On Tue, 2008-03-04 at 00:03 -0800, Chris H. wrote:
 Hello Mark. Thank you for your thoughtful reply.
 FWIW I'm hosting my own zone, out of my domain's address using a
 different host name. I'm simply forwarding the requests to a different
 port, so as to prevent port collision with the BIND. The zones are
 answered out of 127.0.0.2 || 3.
 I have absolutely no idea why FBSD v7 (on 2 machines) will only
 dole out 127.0.0.1, while all my other servers running RELENG_6 all
 dole out a /minimum/ of 127.0.0.1/8 by default. 

This makes absolutely no sense. My FreeBSD 7 laptop has lo0 configured
as 127.0.0.1/8 - THAT IS TO SAY, it has an IP address of 127.0.0.1 and a
netmask of 255.0.0.0 . All other 7 boxes I test have the same, as do all
the 6.1, 6.2 and 6.3 boxes. Pray, what netmask does your lo0 have, given
that you insist it has 127.0.0.1/32 ? This would show up in ``ifconfig
lo0'' as 
inet 127.0.0.1 netmask 0xffffffff

I very much doubt it is.


Tom




Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Chris H.

Quoting Jeremy Chadwick [EMAIL PROTECTED]:


On Tue, Mar 04, 2008 at 12:03:20AM -0800, Chris H. wrote:

I have absolutely no idea why FBSD v7 (on 2 machines) will only
dole out 127.0.0.1, while all my other servers running RELENG_6 all
dole out a /minimum/ of 127.0.0.1/8 by default. But, having just now
modified the default rc for ifconfig_lo0 to a 255.255.255.0 netmask
now makes a different response when querying rbldnsd.


Okay, let's back up here.

The reason your FreeBSD machines don't respond on addresses other than
127.0.0.1 is because your lo0 interface does not have 127.0.0.2 and
127.0.0.3 addresses bound to them.  These are called IP aliases.  To add
them, do the following:

 # ifconfig lo0 inet 127.0.0.2 netmask 255.255.255.255 alias
 # ifconfig lo0 inet 127.0.0.3 netmask 255.255.255.255 alias

The netmask specified on an alias line is important!  Use what I showed;
do not argue.  And yes, Linux does it differently.

To make this work on bootup, add the following to rc.conf:

 ifconfig_lo0_alias0="inet 127.0.0.2 netmask 255.255.255.255"
 ifconfig_lo0_alias1="inet 127.0.0.3 netmask 255.255.255.255"

You do not need an ifconfig_lo0 line in /etc/rc.conf; there is already
one in /etc/defaults/rc.conf which will be used correctly.

Secondly, on both RELENG_6 and RELENG_7, when the 127.0.0.1 address is
assigned to lo0, the netmask used is 255.0.0.0.  Evidence:

$ uname -r
6.3-PRERELEASE
$ grep lo0 /etc/rc.conf
$ grep lo0 /etc/defaults/rc.conf
ifconfig_lo0="inet 127.0.0.1"   # default loopback device configuration.
#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.

$ ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
   inet 127.0.0.1 netmask 0xff000000

$ uname -r
7.0-STABLE
$ grep lo0 /etc/rc.conf
$ grep lo0 /etc/defaults/rc.conf
ifconfig_lo0="inet 127.0.0.1"   # default loopback device configuration.
#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.

$ ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
   inet 127.0.0.1 netmask 0xff000000

Thirdly, it's pretty apparent you don't understand what a netmask does.
Machines don't dole out 127.0.0.1/8 -- this phrase makes no sense.

A netmask is what defines a region of IP address space in which a
machine within said region will honour packets within.  More
specifically: it tells the machine for any IP address you have bound to
this interface, respond to packets destined to the broadcast address of
that network region.

For example, if you had a network region of 192.168.1.0/24 (in English,
the region would be 192.168.1.0 to 192.168.1.255), your broadcast
address would be 192.168.1.255.  Your network address is 192.168.1.0,
but that's for another discussion.

If you put a machine on that network as 192.168.1.200, and give it a
netmask of 255.255.255.0, it will respond to any packets destined to
192.168.1.100 (obviously), but will also respond to packets destined to
the broadcast address (192.168.1.255).

If you then put another box on the network as 192.168.1.7, and give it a
netmask of 255.255.255.128 (/25), it should not be able to see
192.168.1.200.  Broadcast packets from 192.168.1.7 would be going to
192.168.1.128 (its view of the network would be 192.168.1.0 to
192.168.1.128).

This is a completely different beast than IP aliasing, but hopefully my
explanation helps regardless.


OK, OK. deep breath. Sorry for all the noise. I've been
struggling with all this for w-a-y too long, and am w-a-y
too keyed up over it. I'm /not/ being concise, I'm making
no sense at all. Sorry.
To the point;
Indeed, I fully understand all of this - no, /really/. :)
I've been managing IP blocks for as long as I can remember
(or care to), and yes, everything you thoughtfully explained
is absolutely correct. I know.
What I am having absolutely no understanding of; is why do
2 FBSD servers sharing the same setups, and the same stock
lo0 setups react /completely/ differently than each other,
when the only difference is the version of FBSD, and the
version of the BIND?
RELENG_6 server has nothing more than the 7-RC3 regarding
lo0 (/etc/defaults/rc.conf: ifconfig_lo0=inet 127.0.0.1).
when I start rbldnsd on the RELENG_6's primary IP port:530
with a zone file using 127.0.0.2  a zone file using
127.0.0.3. Everything works like a charm.
Yet same setup, same config, different FBSD version;
nothing works as it did before.

What magic occurred on the RELENG_6 boxen? I have spent
5 days attempting to ascertain this - to no avail. In my
desperation, I came here, thinking there /must/ be
something different that I am unable to see, or is perhaps,
undocumented. I know; it defies all NET logic. But it /did/
and /will/ work /every/ time on the RELENG_6 boxen. Yet,
there is no difference in the configs.

Really, I'm not a NET idiot. I am (for the most part)
happily managing some 200 domains, and with the exception
of this little episode, having no trouble with their
management at all.


Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Chris H.

Quoting Tom Evans [EMAIL PROTECTED]:


On Tue, 2008-03-04 at 00:03 -0800, Chris H. wrote:

Hello Mark. Thank you for your thoughtful reply.
FWIW I'm hosting my own zone, out of my domain's address using a
different host name. I'm simply forwarding the requests to a different
port, so as to prevent port collision with the BIND. The zones are
answered out of 127.0.0.2 || 3.
I have absolutely no idea why FBSD v7 (on 2 machines) will only
dole out 127.0.0.1, while all my other servers running RELENG_6 all
dole out a /minimum/ of 127.0.0.1/8 by default.


This makes absolutely no sense. My FreeBSD 7 laptop has lo0 configured
as 127.0.0.1/8 - THAT IS TO SAY, it has an IP address of 127.0.0.1 and a
netmask of 255.0.0.0 . All other 7 boxes I test have the same, as do all
the 6.1, 6.2 and 6.3 boxes. Pray, what netmask does your lo0 have, given
that you insist it has 127.0.0.1/32 ? This would show up in ``ifconfig
lo0'' as
   inet 127.0.0.1 netmask 0xffffffff

I very much doubt it is.


Hello, and thanks for the reply.
In short; yes, the 7-RC3 returned just that.
In long; Both servers have the same (and only) entry:
/etc/defaults/rc.conf: ifconfig_lo0=inet 127.0.0.1
no more, no less.
The RELENG_6 server reports:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
   inet 127.0.0.1 netmask 0xff00
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3

The 7-RC3 did not (I'd provide the output, but I've since added
and activated an entry in /etc/rc.conf that provides a /24 on
lo0). Since I'm only /really/ interested in SWIP'ing 3 IP's out of
the block 254 will be more than enough.

I don't know what to say. It's (as you've no doubt already
discovered) driving me nuts!

Anyhow, thanks again for taking the time to respond. I appreciate
it.

--Chris H




Tom







Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Jeremy Chadwick
On Tue, Mar 04, 2008 at 02:23:21AM -0800, Chris H. wrote:
 What I am having absolutely no understanding of; is why do
 2 FBSD servers sharing the same setups, and the same stock
 lo0 setups react /completely/ differently than each other,
 when the only difference is the version of FBSD, and the
 version of the BIND?
 RELENG_6 server has nothing more than the 7-RC3 regarding
 lo0 (/etc/defaults/rc.conf: ifconfig_lo0=inet 127.0.0.1).
 when I start rbldnsd on the RELENG_6's primary IP port:530
 with a zone file using 127.0.0.2  a zone file using
 127.0.0.3. Everything works like a charm.
 Yet same setup, same config, different FBSD version;
 nothing works as it did before.

This is bordering on not enough information, sadly.  People are going
to need to see the details you're holding back.


Start with providing the output from ifconfig lo0 on both the RELENG_6
box and the RELENG_7 box.

Secondly, as Mark (Andrews) pointed out, whatever data you have in your
rbldnsd **zone files** has nothing to do with the IP or IPs bound to
lo0.

What's really needed at this point is for you to describe in detail your
rbldnsd configuration on both machines, and what it is you want to
accomplish.  As it stands right now, my understanding is that you are:

* Running a single instance of rbldnsd on both machines,
* Binding rbldnsd on each machine to publicip:530
* Utilising zone data which contains IPs 127.0.0.2 and 127.0.0.3

And that the setup works OK for you on RELENG_6, but not RELENG_7.

I really don't want to have to install rbldnsd on both of our production
RELENG_6 and RELENG_7 boxes to tinker with this and figure out what's
going on, but if I have to, I will.  I can assure you that both of our
said boxes are identical when it comes to the behaviour of loopback;
nothing there has changed.

I didn't mean to imply you're stupid or incompetent -- that is in no way
what I was getting at.  But there does seem to be some disconnection
going on: it's important that you understand A records or PTR records in
zone files (which is what those 127.0.0.[23] addresses are) do not have
direct relation to IP addresses bound to interfaces nor netmasks.

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Jeremy Chadwick
On Tue, Mar 04, 2008 at 02:48:31AM -0800, Chris H. wrote:
 In long; Both servers have the same (and only) entry:
 /etc/defaults/rc.conf: ifconfig_lo0=inet 127.0.0.1
 no more, no less.
 The RELENG_6 server reports:
 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet 127.0.0.1 netmask 0xff00
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
 The 7-RC3 did not (I'd provide the output, but I've since added
 and activated an entry in /etc/rc.conf that provides a /24 on
 lo0). Since I'm only /really/ interested in SWIP'ing 3 IP's out of
 the block 254 will be more than enough.

Okay so it sounds like there's two separate issues here:

1) The issue with rbldnsd not working for you on RELENG_7 (returning
   REFUSED and some other oddities),
2) When assigning an IP to lo0 on your RELENG_7 box, the netmask chosen
   is 255.255.255.255 (0xffffffff) instead of 255.0.0.0 (0xff000000),
   even though for everyone else this isn't happening.  :-)

You've made a hackfix for the issue in #2 by explicitly putting the
following line in your /etc/rc.conf:

  ifconfig_lo0="inet 127.0.0.1 netmask 255.0.0.0"

Which also appears to resolve issue #1, is that correct?

If that's true, there are greater demons at work here, or something we
aren't being told about the configuration.  Again, the IPs in rbldnsd
zone files have nothing to do with IP addresses or netmasks associated
with loopback, so I don't see how changing the netmask would fix that.
It almost sounds as if the rbldnsd software may be written to assume
they're all related, and I sure hope that isn't the case.

-- 
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Chris H.

Quoting Jeremy Chadwick [EMAIL PROTECTED]:


On Tue, Mar 04, 2008 at 02:23:21AM -0800, Chris H. wrote:

What I am having absolutely no understanding of; is why do
2 FBSD servers sharing the same setups, and the same stock
lo0 setups react /completely/ differently than each other,
when the only difference is the version of FBSD, and the
version of the BIND?
RELENG_6 server has nothing more than the 7-RC3 regarding
lo0 (/etc/defaults/rc.conf: ifconfig_lo0=inet 127.0.0.1).
when I start rbldnsd on the RELENG_6's primary IP port:530
with a zone file using 127.0.0.2  a zone file using
127.0.0.3. Everything works like a charm.
Yet same setup, same config, different FBSD version;
nothing works as it did before.


This is bordering on not enough information, sadly.  People are going
to need to see the details you're holding back.


No. It's not a matter of holding back. I really don't want to spam
the stable list with ports litter. My main concern/question was in
figuring out why 2 identical server configs would react so differently
in the way they handle lo0 and friends - rbldnsd, or no rbldnsd.



Start with providing the output from ifconfig lo0 on both the RELENG_6
box and the RELENG_7 box.


I've already committed an /etc/rc.conf:
ifconfig_lo0="inet 127.0.0.1   netmask 255.255.255.0" which is now active
on the 7-RC3 server.
So until later I can only provide the RELENG_6 output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
   inet 127.0.0.1 netmask 0xff00
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3


I'll uncommit/unactivate the 7-RC3 entry as soon as I can and
provide its output, as well.



Secondly, as Mark (Andrews) pointed out, whatever data you have in your
rbldnsd **zone files** has nothing to do with the IP or IPs bound to
lo0.

What's really needed at this point is for you to describe in detail your
rbldnsd configuration on both machines, and what it is you want to
accomplish.  As it stands right now, my understanding is that you are:

* Running a single instance of rbldnsd on both machines,
* Binding rbldnsd on each machine to publicip:530
* Utilising zone data which contains IPs 127.0.0.2 and 127.0.0.3


Actually, I'm only running rbldnsd on one machine at a time. With
the final goal of running it permanently on the 7-RC3 (current work
in progress).



And that the setup works OK for you on RELENG_6, but not RELENG_7.


Correct.



I really don't want to have to install rbldnsd on both of our production
RELENG_6 and RELENG_7 boxes to tinker with this and figure out what's
going on, but if I have to, I will.


No. Please don't bother yourself with this. This wasn't meant to be
the topic of this thread - it's just the situation that brought me
to my question(s) regarding the behavior of lo0 and friends.
Thank you for considering it though. :)


I can assure you that both of our
said boxes are identical when it comes to the behaviour of loopback;
nothing there has changed.


Fair enough. My RELENG_6 boxen must be demon possessed, or something -
D'OH! Pardon the pun. :P



I didn't mean to imply you're stupid or incompetent -- that is in no way
what I was getting at.  But there does seem to be some disconnection
going on: it's important that you understand A records or PTR records in
zone files (which is what those 127.0.0.[23] addresses are) do not have
direct relation to IP addresses bound to interfaces nor netmasks.


No. Just the ability to create/connect/communicate over them (the IP's).
Which it seems the RELENG_6 server is happy to provide - in spite of
how unorthodox it is.

Thank you very much for all the time you've taken.

--Chris H



--
| Jeremy Chadwick   jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Chris H.

Quoting Jeremy Chadwick [EMAIL PROTECTED]:


On Tue, Mar 04, 2008 at 02:48:31AM -0800, Chris H. wrote:

In long; Both servers have the same (and only) entry:
/etc/defaults/rc.conf: ifconfig_lo0=inet 127.0.0.1
no more, no less.
The RELENG_6 server reports:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
   inet 127.0.0.1 netmask 0xff00
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
The 7-RC3 did not (I'd provide the output, but I've since added
and activated an entry in /etc/rc.conf that provides a /24 on
lo0). Since I'm only /really/ interested in SWIP'ing 3 IP's out of
the block 254 will be more than enough.


Okay so it sounds like there's two separate issues here:

1) The issue with rbldnsd not working for you on RELENG_7 (returning
  REFUSED and some other oddities),
2) When assigning an IP to lo0 on your RELENG_7 box, the netmask chosen
  is 255.255.255.255 (0xffffffff) instead of 255.0.0.0 (0xff000000),
  even though for everyone else this isn't happening.  :-)

You've made a hackfix for the issue in #2 by explicitly putting the
following line in your /etc/rc.conf:

 ifconfig_lo0="inet 127.0.0.1 netmask 255.0.0.0"

Which also appears to resolve issue #1, is that correct?


Yes, adding an entry in /etc/rc.conf that provides 254 IP's now
reveals:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
   inet 127.0.0.1 netmask 0xff00


as opposed to: 0x.




If that's true, there are greater demons at work here,


LOL. By the time you read this, you will have already read my
/punny/ statement to the same. :)


or something we
aren't being told about the configuration.  Again, the IPs in rbldnsd
zone files have nothing to do with IP addresses or netmasks associated
with loopback, so I don't see how changing the netmask would fix that.
It almost sounds as if the rbldnsd software may be written to assume
they're all related, and I sure hope that isn't the case.


No. I'm more inclined, at this state. To think that since the IP
is defined in the zone file. That it requires the /availability/
of the IP so that it can use it - not unlike the BIND. But, it is
not the BIND, so will have its own (see; different) way of
management regarding IP--name, etc...

Anyway, my /real/ reason for starting all this, was to figure out
why the 2 machines act so differently. I can assure you that I
have spent the entire day attempting to figure out if any
difference had crept into any of the server configs. But could
find none.

Thanks again for all your time and effort.

--Chris H




--
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |






--
panic: kernel trap (ignored)





Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Lowell Gilbert
Chris H. [EMAIL PROTECTED] writes:

> Yes, adding an entry in /etc/rc.conf that provides 254 IP's now
> reveals:
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>    inet6 ::1 prefixlen 128
>    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>    inet 127.0.0.1 netmask 0xff00
>
> as opposed to: 0x.

Let's peel this issue back to the basics.  

This does *not* have 254 IP addresses on that interface.  The
interface still has only one address on that interface.  There are 254
other addresses on the subnet, but only one of them belongs to your
machine.  If you want the machine to answer to 127.0.0.2, you still
need to add it separately.


Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Greg Black
On 2008-03-04, Chris H. wrote:

> Yes, adding an entry in /etc/rc.conf that provides 254 IP's now
> reveals:
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>    inet6 ::1 prefixlen 128
>    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>    inet 127.0.0.1 netmask 0xff00
>
> as opposed to: 0x.

If you think the above shows evidence of providing 254 IP addresses,
it's really time either to catch up on some sleep or learn how these
things work.

> Anyway, my /real/ reason for starting all this, was to figure out
> why the 2 machines act so differently. I can assure you that I
> have spent the entire day attempting to figure out if any
> difference had crept into any of the server configs. But could
> find none.

The fact that you could not find the difference(s) is no evidence that
there are none. It's abundantly clear from this very lengthy and often
almost content-free discussion that you are either so tired and frantic
that your brain has seized up or that you really don't understand this
stuff as well as you think.

(The clear evidence is that you have no idea of the meaning of assigning
an IP address to an interface versus the meaning of an IP address given
as a reply to a name lookup -- yet you continue to insist that you do
have such an understanding.)
  
If you could give a clear and complete description of what is really
happening, without any of your own theories clouding that description,
somebody clueful might be able to see just what is the obvious factor
you have missed.  As things stand, you are just going around in big
unproductive circles and giving the rest of us no useful information to
help you with.

None of the above is intended as a flame, but it's really time to take
stock and make a serious attempt to provide all the data so that those
who can help are able to understand the problem.

Greg


Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Scott Lambert
On Tue, Mar 04, 2008 at 03:22:00AM -0800, Chris H. wrote:
> No. It's not a matter of holding back. I really don't want to spam
> the stable list with ports litter. My main concern/question was in
> figuring out why 2 identical server configs would react so differently
> in the way they handle lo0 and friends - rbldnsd, or no rbldnsd.

Have you recently diffed the actual running config files?  From the
sidelines, it sounds like a change may have been made and forgotten, or
made by another admin which could be causing issues.  I know that often
when I start thinking, "Nothing is different the software is broken!"
something is different.

Important files off the top of my head:

/etc/defaults/rc.conf
/etc/rc.conf
/etc/rc.local

/etc/namedb/named.conf (and friends)

/usr/local/etc/whatever_rbldnsd_uses 

pkg_info | egrep '(rbldns|named)'  and then diff that output.

maybe diff the ifconfig -a output between the two boxes and verify the 
expected differences.

I think more details might actually translate to less clutter on the
-stable list, even if it turns out to be ports related.

-- 
Scott LambertKC5MLE   Unix SysAdmin
[EMAIL PROTECTED]



Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Chris H.

Quoting Lowell Gilbert [EMAIL PROTECTED]:


Chris H. [EMAIL PROTECTED] writes:


Yes, adding an entry in /etc/rc.conf that provides 254 IP's now
reveals:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
   inet 127.0.0.1 netmask 0xff00

as opposed to: 0x.


Let's peel this issue back to the basics.

This does *not* have 254 IP addresses on that interface.  The
interface still has only one address on that interface.  There are 254
other addresses on the subnet, but only one of them belongs to your
machine.  If you want the machine to answer to 127.0.0.2, you still
need to add it separately.


Yes. Of course. In the same way one might add /any/ address to their
working pool - eg;
ifconfig_lo0="inet 127.0.0.1  netmask 255.255.255.224"
which could/might be followed by
ifconfig_lo0_alias0="inet 127.0.0.2 netmask 255.255.255.255"
etc...
127.0.0.0 - NET
127.0.0.255 - BCAST

In spite of the way I announced/described all this,
I'm actually familiar with the whole thing. My only
interest was in determining why the netmask defaulted
to 0xffffffff (255.255.255.255) on the lo0 interface
in my 7-RC3 install. While all of my RELENG_6 servers
happily provided 0xff000000. After much examination,
and research, I could find no apparent reason. So
decided to ask here.

Thank you for taking the time to respond.

--Chris H







--
panic: kernel trap (ignored)





Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Chris H.

Quoting Chris H. [EMAIL PROTECTED]:


Quoting Lowell Gilbert [EMAIL PROTECTED]:


Chris H. [EMAIL PROTECTED] writes:


Yes, adding an entry in /etc/rc.conf that provides 254 IP's now
reveals:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
   inet 127.0.0.1 netmask 0xff00

as opposed to: 0x.


Let's peel this issue back to the basics.

This does *not* have 254 IP addresses on that interface.  The
interface still has only one address on that interface.  There are 254
other addresses on the subnet, but only one of them belongs to your
machine.  If you want the machine to answer to 127.0.0.2, you still
need to add it separately.


Yes. Of course. In the same way one might add /any/ address to their
working pool - eg;
ifconfig_lo0="inet 127.0.0.1  netmask 255.255.255.224"
which could/might be followed by
ifconfig_lo0_alias0="inet 127.0.0.2 netmask 255.255.255.255"
etc...
127.0.0.0 - NET
127.0.0.255 - BCAST

<strike>127.0.0.255 - BCAST</strike>
127.0.0.31 - BCAST


In spite of the way I announced/described all this,
I'm actually familiar with the whole thing.


Then why did you claim 255 addresses on a /27 in
your post.


My only
interest was in determining why the netmask defaulted
to 0xffffffff (255.255.255.255) on the lo0 interface
in my 7-RC3 install. While all of my RELENG_6 servers
happily provided 0xff000000. After much examination,
and research, I could find no apparent reason. So
decided to ask here.

Thank you for taking the time to respond.

--Chris H







--
panic: kernel trap (ignored)





Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Chris H.

Quoting Greg Black [EMAIL PROTECTED]:


On 2008-03-04, Chris H. wrote:


Yes, adding an entry in /etc/rc.conf that provides 254 IP's now
reveals:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
   inet 127.0.0.1 netmask 0xff00

as opposed to: 0x.


If you think the above shows evidence of providing 254 IP addresses,
it's really time either to catch up on some sleep or learn how these
things work.


Quite so. That was my point; adding netmask 255.255.255.0
(0xffffff00) gave me 254 addresses. While the netmask
0xffffffff provides 1.




Anyway, my /real/ reason for starting all this, was to figure out
why the 2 machines act so differently. I can assure you that I
have spent the entire day attempting to figure out if any
difference had crept into any of the server configs. But could
find none.


The fact that you could not find the difference(s) is no evidence that
there are none. It's abundantly clear from this very lengthy and often
almost content-free discussion that you are either so tired and frantic
that your brain has seized up or that you really don't understand this
stuff as well as you think.

(The clear evidence is that you have no idea of the meaning of assigning
an IP address to an interface versus the meaning of an IP address given
as a reply to a name lookup -- yet you continue to insist that you do
have such an understanding.)

If you could give a clear and complete description of what is really
happening, without any of your own theories clouding that description,
somebody clueful might be able to see just what is the obvious factor
you have missed.  As things stand, you are just going around in big
unproductive circles and giving the rest of us no useful information to
help you with.

None of the above is intended as a flame, but it's really time to take
stock and make a serious attempt to provide all the data so that those
who can help are able to understand the problem.


Thank you for your tolerance. I'm afraid - to my great embarrassment, that
a 5:30am - 3:30am day ultimately results in NON productivity; in spite of
my instance to close this issue before calling it a day.
In short; Indeed. Your analysis is quite accurate. I'm afraid, after
spending s-o-o-o much time on the issue, I became /quite/ obsessed with
closure that I made a fool of myself here. Please accept my apologies.
In the future, I'll choose a tall Tequila  tonic, and a good night's
sleep - over spamming the list. :)

In short; the title /should/ have read 127.0.0.1/8
In my case; I was working with 2 of my servers -
a RELENG_6, and an 7-RC3.
The RELENG_6
defaulted to 127.0.0.1/8
While the 7-RC3
defaulted to 127.0.0.1/32

There were other peculiarities which I added to the thread that
I thought worth mentioning. But ultimately, only served to cloud
the whole matter.

Thanks again.

--Chris H


I hope


Greg





--
panic: kernel trap (ignored)





Re: What's new on the 127.0.0/24 block in 7?

2008-03-04 Thread Andy Dills

Just to provide a little information in case there is still confusion...


On Tue, 4 Mar 2008, Chris H. wrote:

> Quoting Greg Black [EMAIL PROTECTED]:
>
> > On 2008-03-04, Chris H. wrote:
> >
> > > Yes, adding an entry in /etc/rc.conf that provides 254 IP's now
> > > reveals:
> > > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> > >    inet6 ::1 prefixlen 128
> > >    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
> > >    inet 127.0.0.1 netmask 0xff00
> > >
> > > as opposed to: 0x.
> >
> > If you think the above shows evidence of providing 254 IP addresses,
> > it's really time either to catch up on some sleep or learn how these
> > things work.
>
> Quite so. That was my point; adding netmask 255.255.255.0
> (0xffffff00) gave me 254 addresses. While the netmask
> 0xffffffff provides 1.

At the risk of being pedantic, I'm afraid that isn't true. If adding 
netmask 255.255.255.0 provided 255 addresses, adding the (default in every 
version of FreeBSD I'm aware of) netmask of 255.0.0.0 would provide 
255x255x255 addresses. That said, there is no way to ifconfig multiple 
addresses with a single address entry.

The netmask of an IP bound to an interface determines the scope of the 
logical network that can be reached through the given interface, not a 
range of addresses bound to the interface. So, 127.0.0.1 with a mask of 
255.255.255.0 means 127.0.0.0-255 would be reachable via lo0, whereas 
127.0.0.1 with a mask of 255.0.0.0 means 127.0-255.0-255.0-255 would 
be reachable via lo0.

In neither case would 127.0.0.2 be bound to lo0 implicitly, you would need 
to explicitly ifconfig them as aliases for them to be bound to lo0.

No worries regardless, netmasks are a common source of misunderstanding 
and confusion. In a routing context, the subnet mask does indeed affect 
every address within the subnet, however when binding addresses to an 
interface, the subnet mask merely controls which addresses are reachable 
locally on layer 2.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---
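
The distinction drawn in the message above (the netmask sets which addresses are reachable through the interface, while only explicitly configured addresses are bound to it) can be checked against `ifconfig` output. The following is an added Python example, not part of the thread; the two `ifconfig lo0` samples are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed samples in the layout FreeBSD's `ifconfig lo0` prints.
# HOST_A: the default address with a /8 mask plus one explicit /32 alias.
HOST_A = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
\tinet6 ::1 prefixlen 128
\tinet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
\tinet 127.0.0.1 netmask 0xff000000
\tinet 127.0.0.2 netmask 0xffffffff
"""
# HOST_B: the same single address, but with a /32 mask and no alias.
HOST_B = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
\tinet 127.0.0.1 netmask 0xffffffff
"""

# Matches IPv4 lines only; "inet6" lines do not match "inet" + whitespace.
_INET = re.compile(
    r"^[ \t]*inet[ \t]+(\S+)[ \t]+netmask[ \t]+(0x[0-9a-fA-F]{1,8})\b", re.M
)


def parse_inet(ifconfig_text):
    """Return one IPv4Interface per `inet ADDR netmask 0xHEX` line."""
    out = []
    for addr, hexmask in _INET.findall(ifconfig_text):
        mask = ipaddress.IPv4Address(int(hexmask, 16))   # 0xff000000 -> 255.0.0.0
        out.append(ipaddress.IPv4Interface(f"{addr}/{mask}"))
    return out


def is_bound(ifaces, addr):
    """True only if addr itself is configured on the interface."""
    target = ipaddress.IPv4Address(addr)
    return any(i.ip == target for i in ifaces)


def is_on_link(ifaces, addr):
    """True if addr falls inside a network reachable through the interface."""
    target = ipaddress.IPv4Address(addr)
    return any(target in i.network for i in ifaces)


def diff_hosts(text_a, text_b):
    """Address/prefix pairs present on one host but not the other."""
    a = {str(i) for i in parse_inet(text_a)}
    b = {str(i) for i in parse_inet(text_b)}
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    ifaces = parse_inet(HOST_A)
    for probe in ("127.0.0.1", "127.0.0.2", "127.0.0.3"):
        print(probe, "bound:", is_bound(ifaces, probe),
              "on-link:", is_on_link(ifaces, probe))
    print("differences A/B:", diff_hosts(HOST_A, HOST_B))
```
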


What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Chris H.

Greetings,
I'm having some difficulty working with anything past 127.0.0.1.
It seems impossible to use (create) any addresses on the loopback
past 127.0.0.1.
More specifically; I installed rbldnsd from ports, and it worked quite
well on a 6.x install. However, attempting the same config/install on
a 7-RC3 install yields the inability to bind/create 127.0.0.2, or
127.0.0.3 for rbldnsd to answer on - all queries are refused. The
same pinging/digging, etc.

The 2 servers have /exactly/ the same net setups, and DNS/rbldnsd
configs. Yet no joy on the RELENG_7 box. So it /appears/ something
in this area has changed since 6. But I'm unable to discover any
info on it.

Thank you for all your time and consideration.

--Chris H

--
panic: kernel trap (ignored)





Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Jeremy Chadwick
On Mon, Mar 03, 2008 at 05:43:35PM -0800, Chris H. wrote:
> Greetings,
> I'm having some difficulty working with anything past 127.0.0.1.
> It seems impossible to use (create) any addresses on the loopback
> past 127.0.0.1.
> More specifically; I installed rbldnsd from ports, and it worked quite
> well on a 6.x install. However, attempting the same config/install on
> a 7-RC3 install yields the inability to bind/create 127.0.0.2, or
> 127.0.0.3 for rbldnsd to answer on - all queries are refused. The
> same pinging/digging, etc.
>
> The 2 servers have /exactly/ the same net setups, and DNS/rbldnsd
> configs. Yet no joy on the RELENG_7 box. So it /appears/ something
> in this area has changed since 6. But I'm unable to discover any
> info on it.

I've looked at this software: http://www.corpit.ru/mjt/rbldnsd.html

Why exactly do you need this software to bind to 127.0.0.2 or 127.0.0.3?
I don't see any indication of it needing that.  DNS-based RBLs don't
work like that, so I'm confused by this request.

The software acts as dumb DNS server that returns specific IP
addresses when certain zones are resolved.  postfix, sendmail, or any
other MTA will attempt DNS resolution of a hostname (at whatever stage
of the SMTP transaction).  You tell the MTA to use whatever.blah.com as
a dnsbl, and the MTA will execute a resolver query to whatever.blah.com
for a specific hostname.  The resolver (rbldnsd) will answer for a
hostname with a specific IP address (per the configuration file); each
IP address returned can be used for a unique purpose, e.g. 127.0.0.2
could mean "SOCKS proxy; denied", while 127.0.0.99 could mean "Known
hijacked network".

There's a common list used here:

http://www.netwidget.net/books/apress/dns/info/dnsbl.htm; see section
"127/8 Return Codes".

If, for some bizarre reason, you REALLY DO need multiple loopback
addresses, it works fine, as confirmed on my RELENG_7 box:

icarus# ifconfig lo0 inet 127.0.0.2 netmask 255.255.255.255 alias
icarus# ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet 127.0.0.2 netmask 0xffffffff
icarus# ping 127.0.0.2
PING 127.0.0.2 (127.0.0.2): 56 data bytes
64 bytes from 127.0.0.2: icmp_seq=0 ttl=64 time=0.022 ms
64 bytes from 127.0.0.2: icmp_seq=1 ttl=64 time=0.012 ms
^C
--- 127.0.0.2 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.012/0.017/0.022/0.005 ms


-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |
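
The lookup flow described in the message above, as an added Python example that is not part of the thread and is not rbldnsd's own code. The zone name, client address and sample replies are constructed; the two return-code meanings are the illustrative ones from the message, and the function names are hypothetical.

```python
import ipaddress
import struct

# Meanings of returned addresses: the two illustrative values from the
# message above. Each list defines its own table; these are not a standard.
RETURN_CODES = {
    "127.0.0.2": "SOCKS proxy; denied",
    "127.0.0.99": "Known hijacked network",
}
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def dnsbl_qname(client_ip, zone):
    """Name the MTA resolves: client octets reversed, then the list zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def _encode_name(name):
    labels = name.split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"


def build_reply(qname, rcode, answers=()):
    """Build a minimal DNS reply; used only to construct sample input."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8400 | rcode, 1, len(answers), 0, 0)
    question = _encode_name(qname) + struct.pack("!HH", 1, 1)  # type A, class IN
    records = b""
    for addr in answers:
        # 0xc00c is a compression pointer back to the question name.
        records += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
        records += ipaddress.IPv4Address(addr).packed
    return header + question + records


def _skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # pointer: two bytes, name ends here
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length


def parse_reply(msg):
    """Return (rcode, [IPv4 strings from A records in the answer section])."""
    try:
        _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
        off = 12
        for _ in range(qdcount):
            off = _skip_name(msg, off) + 4          # skip QTYPE and QCLASS
        addrs = []
        for _ in range(ancount):
            off = _skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if off + rdlen > len(msg):
                raise ValueError("truncated record")
            if rtype == 1 and rclass == 1 and rdlen == 4:
                addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
            off += rdlen
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated or malformed DNS message") from exc
    return flags & 0x000F, addrs


def classify(msg):
    """Map a reply to (verdict, reasons) the way a DNSBL client would."""
    rcode, addrs = parse_reply(msg)
    if rcode == 3 or (rcode == 0 and not addrs):
        return "not-listed", []
    if rcode != 0:
        # e.g. REFUSED: the server received the query and declined it, so
        # this is a server-side policy result, not a reachability failure.
        return "error:" + RCODE_NAMES.get(rcode, str(rcode)), []
    # The A records are data. Nothing connects to them, so the host serving
    # the list does not need these addresses configured on lo0.
    return "listed", [RETURN_CODES.get(a, "unlisted code " + a) for a in addrs]


if __name__ == "__main__":
    q = dnsbl_qname("192.0.2.10", "bl.example.org")     # constructed sample
    for reply in (build_reply(q, 0, ["127.0.0.2"]),
                  build_reply(q, 3), build_reply(q, 5)):
        print(q, classify(reply))
```
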



Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Andy Dills
On Mon, 3 Mar 2008, Chris H. wrote:

> Greetings,
> I'm having some difficulty working with anything past 127.0.0.1.
> It seems impossible to use (create) any addresses on the loopback
> past 127.0.0.1.
> More specifically; I installed rbldnsd from ports, and it worked quite
> well on a 6.x install. However, attempting the same config/install on
> a 7-RC3 install yields the inability to bind/create 127.0.0.2, or
> 127.0.0.3 for rbldnsd to answer on - all queries are refused. The
> same pinging/digging, etc.
>
> The 2 servers have /exactly/ the same net setups, and DNS/rbldnsd
> configs. Yet no joy on the RELENG_7 box. So it /appears/ something
> in this area has changed since 6. But I'm unable to discover any
> info on it.
>
> Thank you for all your time and consideration.

What subnet mask did you use when creating the 127.0.0.2 (etc) interfaces 
on lo0?

On 7.0-R, I just ifconfig'ed 127.0.0.2 as an alias to lo0 with a subnet 
mask of 255.255.255.255, and I was able to bind/listen/accept on it with 
no problem.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---


Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Chris H.

Hello Jeremy, and thank you for your reply.

Quoting Jeremy Chadwick [EMAIL PROTECTED]:


On Mon, Mar 03, 2008 at 05:43:35PM -0800, Chris H. wrote:

Greetings,
I'm having some difficulty working with anything past 127.0.0.1.
It seems impossible to use (create) any addresses on the loopback
past 127.0.0.1.
More specifically; I installed rbldnsd from ports, and it worked quite
well on a 6.x install. However, attempting the same config/install on
a 7-RC3 install yields the inability to bind/create 127.0.0.2, or
127.0.0.3 for rbldnsd to answer on - all queries are refused. The
same pinging/digging, etc.

The 2 servers have /exactly/ the same net setups, and DNS/rbldnsd
configs. Yet no joy on the RELENG_7 box. So it /appears/ something
in this area has changed since 6. But I'm unable to discover any
info on it.


I've looked at this software: http://www.corpit.ru/mjt/rbldnsd.html

Why exactly do you need this software to bind to 127.0.0.2 or 127.0.0.3?
I don't see any indication of it needing that.  DNS-based RBLs don't
work like that, so I'm confused by this request.


OK Here, the scoop. I bind rbldnsd to one of my IRIP's (Internet
Routable IP's). Requests can be made against /my/ blocklist @ my IRIP.
Then, should there be a match, the answer is IN A 127.0.0.2 evil host
yadda, yadda...

This, unless an NON internet Routable address from a /private/ block
is used, is the general way to best accomplish this.
BTW, as I mentioned in my original post; this setup/config worked
/perfectly/ on a recent RELENG_6 server.
NOTE: there are no ifconfig, or ifconfig_alias's in either server's
rc.conf /other/ than:

ifconfig_lo0="inet 127.0.0.1"

in /etc/default/rc.conf on /both/ servers. Yet, for some reason
the 6.x server provides 127.0.0/24 without question.
The 7 server with /identical/ setup, will only provide 127.0.0.1.

I hope I have been more concise this time.

Thank you very much for taking the time to respond.

--Chris H



The software acts as dumb DNS server that returns specific IP
addresses when certain zones are resolved.  postfix, sendmail, or any
other MTA will attempt DNS resolution of a hostname (at whatever stage
of the SMTP transaction).  You tell the MTA to use whatever.blah.com as
a dnsbl, and the MTA will execute a resolver query to whatever.blah.com
for a specific hostname.  The resolver (rbldnsd) will answer for a
hostname with a specific IP address (per the configuration file); each
IP address returned can be used for a unique purpose, e.g. 127.0.0.2
could mean "SOCKS proxy; denied", while 127.0.0.99 could mean "Known
hijacked network".

There's a common list used here:

http://www.netwidget.net/books/apress/dns/info/dnsbl.htm; see section
"127/8 Return Codes".

If, for some bizarre reason, you REALLY DO need multiple loopback
addresses, it works fine, as confirmed on my RELENG_7 box:

icarus# ifconfig lo0 inet 127.0.0.2 netmask 255.255.255.255 alias
icarus# ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
   inet 127.0.0.1 netmask 0xff000000
   inet 127.0.0.2 netmask 0xffffffff
icarus# ping 127.0.0.2
PING 127.0.0.2 (127.0.0.2): 56 data bytes
64 bytes from 127.0.0.2: icmp_seq=0 ttl=64 time=0.022 ms
64 bytes from 127.0.0.2: icmp_seq=1 ttl=64 time=0.012 ms
^C
--- 127.0.0.2 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.012/0.017/0.022/0.005 ms


--
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |






--
panic: kernel trap (ignored)





Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Chris H.

Quoting Andy Dills [EMAIL PROTECTED]:


On Mon, 3 Mar 2008, Chris H. wrote:


Greetings,
I'm having some difficulty working with anything past 127.0.0.1.
It seems impossible to use (create) any addresses on the loopback
past 127.0.0.1.
More specifically; I installed rbldnsd from ports, and it worked quite
well on a 6.x install. However, attempting the same config/install on
a 7-RC3 install yields the inability to bind/create 127.0.0.2, or
127.0.0.3 for rbldnsd to answer on - all queries are refused. The
same pinging/digging, etc.

The 2 servers have /exactly/ the same net setups, and DNS/rbldnsd
configs. Yet no joy on the RELENG_7 box. So it /appears/ something
in this area has changed since 6. But I'm unable to discover any
info on it.

Thank you for all your time and consideration.


What subnet mask did you use when creating the 127.0.0.2 (etc) interfaces
on lo0?

On 7.0-R, I just ifconfig'ed 127.0.0.2 as an alias to lo0 with a subnet
mask of 255.255.255.255, and I was able to bind/listen/accept on it with
no problem.


Indeed. I have several /24's to manage, and alias the bulk of them to
the NIC on the server(s). But, having /identical/ configurations/setups
of FreeBSD, and rbldnsd on two different servers; the recent RELENG_6
server desires/requires no alias on lo0, and happily provides a 127.0.0/24
While the same setup on a 7-RC3 will only provide 127.0.0.1. Which
brings me to my original question; What's different on 7 regarding the
127.0.0/24 block?

Thank you very much Andy, for taking the time to respond.

--Chris H




Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---





--
panic: kernel trap (ignored)





Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Edwin Groothuis
On Mon, Mar 03, 2008 at 07:23:59PM -0800, Chris H. wrote:
> Quoting Andy Dills [EMAIL PROTECTED]:
>
> On Mon, 3 Mar 2008, Chris H. wrote:
>
> Greetings,
> I'm having some difficulty working with anything past 127.0.0.1.
> It seems impossible to use (create) any addresses on the loopback
> past 127.0.0.1.
> More specifically; I installed rbldnsd from ports, and it worked quite
> well on a 6.x install. However, attempting the same config/install on
> a 7-RC3 install yields the inability to bind/create 127.0.0.2, or
> 127.0.0.3 for rbldnsd to answer on - all queries are refused. The
> same pinging/digging, etc.
>
> The 2 servers have /exactly/ the same net setups, and DNS/rbldnsd
> configs. Yet no joy on the RELENG_7 box. So it /appears/ something
> in this area has changed since 6. But I'm unable to discover any
> info on it.
>
> Thank you for all your time and consideration.
>
> What subnet mask did you use when creating the 127.0.0.2 (etc) interfaces
> on lo0?
>
> On 7.0-R, I just ifconfig'ed 127.0.0.2 as an alias to lo0 with a subnet
> mask of 255.255.255.255, and I was able to bind/listen/accept on it with
> no problem.
>
> Indeed. I have several /24's to manage, and alias the bulk of them to
> the NIC on the server(s). But, having /identical/ configurations/setups
> of FreeBSD, and rbldnsd on two different servers; the recent RELENG_6
> server desires/requires no alias on lo0, and happily provides a 127.0.0/24
> While the same setup on a 7-RC3 will only provide 127.0.0.1. Which
> brings me to my original question; What's different on 7 regarding the
> 127.0.0/24 block?

Are you sure it's a /24 you are talking about? My 7.0 disks install
127.0.0.1/8 here.

Edwin

-- 
Edwin Groothuis  |Personal website: http://www.mavetju.org
[EMAIL PROTECTED]|  Weblog: http://www.mavetju.org/weblog/


Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Chris H.

Quoting Royce Williams [EMAIL PROTECTED]:


Jeremy Chadwick wrote, on 3/3/2008 5:21 PM:

On Mon, Mar 03, 2008 at 05:43:35PM -0800, Chris H. wrote:
I've looked at this software: http://www.corpit.ru/mjt/rbldnsd.html

Why exactly do you need this software to bind to 127.0.0.2 or 127.0.0.3?
I don't see any indication of it needing that.  DNS-based RBLs don't
work like that, so I'm confused by this request.


Indeed. You are /quite/ correct. I /do/ in fact run the BIND on the same
servers, and /do/ forward requests to the same servers primary address
(IP). But on a different port eg;

blackvoid.mydomain.COM {
   type forward;
   forward only;
   forwarders { <servers primary IP> port 530; };
};

Hell, this is right out of the BIND FAQ that comes with the FreeBSD
BIND port.

/However/, rbldnsd needs to /answer/ when it finds a match, and answers:
IN A 127.0.0.2 REJECTED! evil spammer...

So. This is what I mean by needing 127.0.0.? other than 127.0.0.1.

Which brings me 'round to my original question:
What has changed in 7 regarding 127.0.0/24 (lo0 || loopback).

I have identical server setups/configs on 2 servers. The recent RELENG_6
server creates/provides 127.0.0/24 without question. While 7-RC3 only
provides 127.0.0.1.

Thanks for taking the time to respond.

--Chris H



It's not uncommon to configure BIND to forward requests for a DNSBL
zone to another local listener, so that one can take advantage of both
BIND local zones and rbldnsd local zones.

See http://www.njabl.org/rsync.html for an example -- the BIND config
of which looks like:

zone "dnsbl.njabl.org" IN {
   type forward;
   forward first;
   forwarders {
   127.0.0.1 port 530;
   };
};

Royce

--
Royce D. Williams- IP Engineering, ACS
http://www.tycho.org/royce/   - PGP: 3FC087DB/1776A531
 Amid a multitude of projects, no plan is devised.  - Syrus





--
panic: kernel trap (ignored)





Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Royce Williams
Jeremy Chadwick wrote, on 3/3/2008 5:21 PM:
> On Mon, Mar 03, 2008 at 05:43:35PM -0800, Chris H. wrote:
> I've looked at this software: http://www.corpit.ru/mjt/rbldnsd.html
>
> Why exactly do you need this software to bind to 127.0.0.2 or 127.0.0.3?
> I don't see any indication of it needing that.  DNS-based RBLs don't
> work like that, so I'm confused by this request.

It's not uncommon to configure BIND to forward requests for a DNSBL
zone to another local listener, so that one can take advantage of both
BIND local zones and rbldnsd local zones.

See http://www.njabl.org/rsync.html for an example -- the BIND config
of which looks like:

zone "dnsbl.njabl.org" IN {
    type forward;
    forward first;
    forwarders {
        127.0.0.1 port 530;
    };
};

Royce

-- 
Royce D. Williams- IP Engineering, ACS
http://www.tycho.org/royce/   - PGP: 3FC087DB/1776A531
  Amid a multitude of projects, no plan is devised.  - Syrus


Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Mark Andrews

> Hello Jeremy, and thank you for your reply.
>
> Quoting Jeremy Chadwick [EMAIL PROTECTED]:
>
> > On Mon, Mar 03, 2008 at 05:43:35PM -0800, Chris H. wrote:
> > Greetings,
> > I'm having some difficulty working with anything past 127.0.0.1.
> > It seems impossible to use (create) any addresses on the loopback
> > past 127.0.0.1.
> > More specifically; I installed rbldnsd from ports, and it worked quite
> > well on a 6.x install. However, attempting the same config/install on
> > a 7-RC3 install yields the inability to bind/create 127.0.0.2, or
> > 127.0.0.3 for rbldnsd to answer on - all queries are refused. The
> > same pinging/digging, etc.
> >
> > The 2 servers have /exactly/ the same net setups, and DNS/rbldnsd
> > configs. Yet no joy on the RELENG_7 box. So it /appears/ something
> > in this area has changed since 6. But I'm unable to discover any
> > info on it.
> >
> > I've looked at this software: http://www.corpit.ru/mjt/rbldnsd.html
> >
> > Why exactly do you need this software to bind to 127.0.0.2 or 127.0.0.3?
> > I don't see any indication of it needing that.  DNS-based RBLs don't
> > work like that, so I'm confused by this request.
>
> OK Here, the scoop. I bind rbldnsd to one of my IRIP's (Internet
> Routable IP's). Requests can be made against /my/ blocklist @ my IRIP.
> Then, should there be a match, the answer is IN A 127.0.0.2 evil host
> yadda, yadda...
>
> This, unless an NON internet Routable address from a /private/ block
> is used, is the general way to best accomplish this.
>
> BTW, as I mentioned in my original post; this setup/config worked
> /perfectly/ on a recent RELENG_6 server.
> NOTE: there are no ifconfig, or ifconfig_alias's in either server's
> rc.conf /other/ than:
>
> ifconfig_lo0="inet 127.0.0.1"

I suggest that you look again.  There is nothing in 6.x
that automatically configures anything except 127.0.0.1 on
lo0.
 
 in /etc/default/rc.conf on /both/ servers. Yet, for some reason
 the 6.x server provides 127.0.0/24 without question.

By default 6.x will configure lo0 as 127.0.0.1/8.

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128 
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
inet 127.0.0.1 netmask 0xff00 
inet 10.53.0.1 netmask 0x 
inet 10.53.0.2 netmask 0x 
inet 10.53.0.3 netmask 0x 
inet 10.53.0.4 netmask 0x 
inet 10.53.0.5 netmask 0x 
inet 10.53.0.6 netmask 0x 
inet 10.53.0.7 netmask 0x 
inet 127.0.0.2 netmask 0x 
inet 127.0.0.3 netmask 0x 

ifconfig_lo0_alias0=inet 10.53.0.1 netmask 0x
ifconfig_lo0_alias1=inet 10.53.0.2 netmask 0x
ifconfig_lo0_alias2=inet 10.53.0.3 netmask 0x
ifconfig_lo0_alias3=inet 10.53.0.4 netmask 0x
ifconfig_lo0_alias4=inet 10.53.0.5 netmask 0x
ifconfig_lo0_alias5=inet 10.53.0.6 netmask 0x
ifconfig_lo0_alias6=inet 10.53.0.7 netmask 0x
ifconfig_lo0_alias7=inet 127.0.0.2 netmask 0x
ifconfig_lo0_alias8=inet 127.0.0.3 netmask 0x

I actually use lots of test addresses.

Mark

 The 7 server with /identical/ setup, will only provide 127.0.0.1.
 
 I hope I have been more concise this time.
 
 Thank you very much for taking the time to respond.
 
 --Chris H
 
 
  The software acts as dumb DNS server that returns specific IP
  addresses when certain zones are resolved.  postfix, sendmail, or any
  other MTA will attempt DNS resolution of a hostname (at whatever stage
  of the SMTP transaction).  You tell the MTA to use whatever.blah.com as
  a dnsbl, and the MTA will execute a resolver query to whatever.blah.com
  for a specific hostname.  The resolver (rbldnsd) will answer for a
  hostname with a specific IP address (per the configuration file); each
  IP address returned can be used for a unique purpose, e.g. 127.0.0.2
  could mean SOCKS proxy; denied, while 127.0.0.99 could mean Known
  hijacked network.
 
  There's a common list used here:
 
  http://www.netwidget.net/books/apress/dns/info/dnsbl.htm; see section
  127/8 Return Codes.
 
  If, for some bizarre reason, you REALLY DO need multiple loopback
  addresses, it works fine, as confirmed on my RELENG_7 box:
 
  icarus# ifconfig lo0 inet 127.0.0.2 netmask 255.255.255.255 alias
  icarus# ifconfig lo0
  lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
 inet 127.0.0.1 netmask 0xff00
 inet 127.0.0.2 netmask 0x
  icarus# ping 127.0.0.2
  PING 127.0.0.2 (127.0.0.2): 56 data bytes
  64 bytes from 127.0.0.2: icmp_seq=0 ttl=64 time=0.022 ms
  64 bytes from 127.0.0.2: icmp_seq=1 ttl=64 time=0.012 ms
  ^C
  --- 127.0.0.2 ping statistics ---
  2 packets transmitted, 2 packets received, 0.0% packet loss
  round-trip min/avg/max/stddev = 0.012/0.017/0.022/0.005 ms
 
 
  --
  | Jeremy Chadwickjdc at parodius.com |
  | Parodius Networking   

Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Jeremy Chadwick
On Tue, Mar 04, 2008 at 02:29:20PM +1100, Edwin Groothuis wrote:
 Are you sure it's a /24 you are talking about? My 7.0 disks install
 127.0.0.1/8 here.

Ditto.  And our RELENG_6 production servers are the same.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Chris H.

Quoting Edwin Groothuis [EMAIL PROTECTED]:


On Mon, Mar 03, 2008 at 07:23:59PM -0800, Chris H. wrote:

Quoting Andy Dills [EMAIL PROTECTED]:

On Mon, 3 Mar 2008, Chris H. wrote:

Greetings,
I'm having some difficulty working with anything past 127.0.0.1.
It seems impossible to use (create) any addresses on the loopback
past 127.0.0.1.
More specifically; I installed rbldnsd from ports, and it worked quite
well on a 6.x install. However, attempting the same config/install on
a 7-RC3 install yields the inability to bind/create 127.0.0.2, or
127.0.0.3 for rbldnsd to answer on - all queries are refused. The
same pinging/digging, etc.

The 2 servers have /exactly/ the same net setups, and DNS/rbldnsd
configs. Yet no joy on the RELENG_7 box. So it /appears/ something
in this area has changed since 6. But I'm unable to discover any
info on it.

Thank you for all your time and consideration.

What subnet mask did you use when creating the 127.0.0.2 (etc) interfaces
on lo0?

On 7.0-R, I just ifconfig'ed 127.0.0.2 as an alias to lo0 with a subnet
mask of 255.255.255.255, and I was able to bind/listen/accept on it with
no problem.

Indeed. I have several /24's to manage, and alias the bulk of them to
the NIC on the server(s). But, having /identical/ configurations/setups
of FreeBSD, and rbldnsd on two different servers; the recent RELENG_6
server desires/requires no alias on lo0, and happily provides a 127.0.0/24
While the same setup on a 7-RC3 will only provide 127.0.0.1. Which
brings me to my original question; What's different on 7 regarding the
127.0.0/24 block?


Are you sure it's a /24 you are talking about? My 7.0 disks install
127.0.0.1/8 here.


Really? Where did you get the install disc? Mine clearly doesn't. :(
All I am provided is 127.0.0.1 - not 127.0.0.2,3...

Thanks for your response.

--Chris H



Edwin

--
Edwin Groothuis  |Personal website: http://www.mavetju.org
[EMAIL PROTECTED]|  Weblog: http://www.mavetju.org/weblog/





--
panic: kernel trap (ignored)





Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Mark Andrews

 Quoting Royce Williams [EMAIL PROTECTED]:
 
  Jeremy Chadwick wrote, on 3/3/2008 5:21 PM:
  On Mon, Mar 03, 2008 at 05:43:35PM -0800, Chris H. wrote:
  I've looked at this software: http://www.corpit.ru/mjt/rbldnsd.html
 
  Why exactly do you need this software to bind to 127.0.0.2 or 127.0.0.3?
  I don't see any indication of it needing that.  DNS-based RBLs don't
  work like that, so I'm confused by this request.
 
 Indeed. You are /quite/ correct. I /do/ in fact run the BIND on the same
 servers, and /do/ forward requests to the same servers primary address
 (IP). But on a different port eg;
 
 blackvoid.mydomain.COM {
 type forward;
 forward only;
 forwarders { servers primary IP port 530; };
 };
 
 Hell, this is right out of the BIND FAQ that comes with the FreeBSD
 BIND port.
 
 /However/, rbldnsd needs to /answer/ when it finds a match, and answers:
 IN A 127.0.0.2 REJECTED! evil spammer...

What does the addresses returned by a DNS lookup have to
do with what addresses are configured on lo0? 

The answer is NOTHING.
 
 So. This is what I mean by needing 127.0.0.? other than 127.0.0.1.
 
 Which brings me 'round to my original question:
 What has changed in 7 regarding 127.0.0/24 (lo0 || loopback).
 
 I have identical server setups/configs on 2 servers. The recent RELENG_6
 server creates/provides 127.0.0/24 without question. While 7-RC3 only
 provides 127.0.0.1.
 
 Thanks for taking the time to respond.
 
 --Chris H
 
 
  It's not uncommon to configure BIND to forward requests for a DNSBL
  zone to another local listener, so that one can take advantage of both
  BIND local zones and rbldnsd local zones.
 
  See http://www.njabl.org/rsync.html for an example -- the BIND config
  of which looks like:
 
  zone dnsbl.njabl.org IN {
 type forward;
 forward first;
 forwarders {
 127.0.0.1 port 530;
 };
  };
 
  Royce
 
  --
  Royce D. Williams- IP Engineering, ACS
  http://www.tycho.org/royce/   - PGP: 3FC087DB/1776A531
   Amid a multitude of projects, no plan is devised.  - Syrus
 
 
 
 
 -- 
 panic: kernel trap (ignored)
 
 
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]


Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Edwin Groothuis
On Mon, Mar 03, 2008 at 07:39:44PM -0800, Chris H. wrote:
 Quoting Edwin Groothuis [EMAIL PROTECTED]:
 
 On Mon, Mar 03, 2008 at 07:23:59PM -0800, Chris H. wrote:
 Quoting Andy Dills [EMAIL PROTECTED]:
 
 On Mon, 3 Mar 2008, Chris H. wrote:
 
 Greetings,
 I'm having some difficulty working with anything past 127.0.0.1.
 It seems impossible to use (create) any addresses on the loopback
 past 127.0.0.1.
 More specifically; I installed rbldnsd from ports, and it worked quite
 well on a 6.x install. However, attempting the same config/install on
 a 7-RC3 install yields the inability to bind/create 127.0.0.2, or
 127.0.0.3 for rbldnsd to answer on - all queries are refused. The
 same pinging/digging, etc.
 
 The 2 servers have /exactly/ the same net setups, and DNS/rbldnsd
 configs. Yet no joy on the RELENG_7 box. So it /appears/ something
 in this area has changed since 6. But I'm unable to discover any
 info on it.
 
 Thank you for all your time and consideration.
 
 What subnet mask did you use when creating the 127.0.0.2 (etc) interfaces
 on lo0?
 
 On 7.0-R, I just ifconfig'ed 127.0.0.2 as an alias to lo0 with a subnet
 mask of 255.255.255.255, and I was able to bind/listen/accept on it with
 no problem.
 
 Indeed. I have several /24's to manage, and alias the bulk of them to
 the NIC on the server(s). But, having /identical/ configurations/setups
 of FreeBSD, and rbldnsd on two different servers; the recent RELENG_6
 server desires/requires no alias on lo0, and happily provides a 127.0.0/24
 While the same setup on a 7-RC3 will only provide 127.0.0.1. Which
 brings me to my original question; What's different on 7 regarding the
 127.0.0/24 block?
 
 Are you sure it's a /24 you are talking about? My 7.0 disks install
 127.0.0.1/8 here.
 
 Really? Where did you get the install disc? Mine clearly doesn't. :(
 All I am provided is 127.0.0.1 - not 127.0.0.2,3...

By default it will only generate 127.0.0.1.
Reading through the thread (which only caught my eye because of the
/24 there) showed a lot of confusion.

Could you, to take this confusion away, tell again why you (think
you) need the other ones?

Edwin

-- 
Edwin Groothuis  |Personal website: http://www.mavetju.org
[EMAIL PROTECTED]|  Weblog: http://www.mavetju.org/weblog/


Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Andy Dills
On Mon, 3 Mar 2008, Chris H. wrote:

  Are you sure it's a /24 you are talking about? My 7.0 disks install
  127.0.0.1/8 here.
 
 Really? Where did you get the install disc? Mine clearly doesn't. :(
 All I am provided is 127.0.0.1 - not 127.0.0.2,3...

127.0.0.1/8 just means 127.0.0.1 with a netmask of 255.0.0.0. It doesn't 
imply a default behavior of binding to any other address than 127.0.0.1.

But I'm still really confused what you're trying to do...

See, the idea of returning multiple 127.0.0.X addresses within RBL is to
convey different information while using a single zone. 

In the beginning, the RBLs would just reply with 127.0.0.1 and use 
different zones to imply different contexts...now you use a single zone 
with different 127.0.0.X addresses to convey the same information.

But...you don't actually do anything with that resolution beyond determine 
if a given record is listed or not. You don't actually need to configure 
or use the various 127.0.0.X addresses that might get returned.

On the other hand, if you're using multiple rbldnsd instances, one per 
zone... while it's a pain you can indeed configure rbldnsd to serve
multiple zones. Or just bind the additional loopback instances 


BTW, /etc/netstart is a nice shortcut to avoid fatfingering an ifconfig. 

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---
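
What Andy describes, as an added example that is not part of the original thread: a mail filter builds the reversed-octet query name, reads the A record out of the reply, and treats the 127.0.0.X value purely as a status code, so nothing ever connects to that address and nothing needs configuring on lo0. The zone dnsbl.example, the client address, the function names and the embedded reply packets are constructed for illustration; the two code meanings are the illustrative ones quoted elsewhere in the thread.

```python
import ipaddress
import struct

# DNSBL listing codes live in 127.0.0.0/8; anything else is not a listing.
LISTING_NET = ipaddress.ip_network("127.0.0.0/8")
# Illustrative meanings taken from the thread's own example, not a standard.
CODE_MEANINGS = {
    "127.0.0.2": "SOCKS proxy; denied",
    "127.0.0.99": "Known hijacked network",
}


def dnsbl_qname(client_ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.99 -> 99.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def skip_name(packet, offset):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = packet[offset]
        if (length & 0xC0) == 0xC0:      # compression pointer: 2 bytes, ends the name
            return offset + 2
        offset += 1
        if length == 0:                  # root label ends the name
            return offset
        offset += length


def parse_reply(packet):
    """Return (rcode, [A record addresses]) from a DNS reply."""
    _qid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    offset = 12
    for _ in range(qdcount):
        offset = skip_name(packet, offset) + 4          # skip QTYPE and QCLASS
    addresses = []
    for _ in range(ancount):
        offset = skip_name(packet, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            addresses.append(str(ipaddress.IPv4Address(packet[offset:offset + 4])))
        offset += rdlen
    return flags & 0x000F, addresses


def verdict(packet):
    """Interpret a DNSBL reply; the returned address is data, never a destination."""
    rcode, addresses = parse_reply(packet)
    if rcode == 3 or (rcode == 0 and not addresses):    # NXDOMAIN or empty answer
        return ("not listed", [])
    if rcode != 0:                                      # e.g. SERVFAIL or REFUSED
        return ("lookup failed", [])
    codes = [a for a in addresses if ipaddress.IPv4Address(a) in LISTING_NET]
    if not codes:                                       # answer outside 127/8
        return ("invalid answer", [])
    return ("listed", [CODE_MEANINGS.get(a, "listed (unmapped code)") for a in codes])


def sample_reply(qname, address=None, rcode=0):
    """Constructed reply packet standing in for what the DNSBL server would send."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8400 | rcode, 1, 1 if address else 0, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    answer = b""
    if address:
        answer = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                  + ipaddress.IPv4Address(address).packed)
    return header + question + answer


if __name__ == "__main__":
    name = dnsbl_qname("192.0.2.99", "dnsbl.example")
    print(name, verdict(sample_reply(name, "127.0.0.2")))
```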


Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Chris H.

Quoting Andy Dills [EMAIL PROTECTED]:


On Mon, 3 Mar 2008, Chris H. wrote:


 Are you sure it's a /24 you are talking about? My 7.0 disks install
 127.0.0.1/8 here.

Really? Where did you get the install disc? Mine clearly doesn't. :(
All I am provided is 127.0.0.1 - not 127.0.0.2,3...


127.0.0.1/8 just means 127.0.0.1 with a netmask of 255.0.0.0. It doesn't
imply a default behavior of binding to any other address than 127.0.0.1.

But I'm still really confused what you're trying to do...

See, the idea of returning multiple 127.0.0.X addresses within RBL is to
convey different information while using a single zone.

In the beginning, the RBLs would just reply with 127.0.0.1 and use
different zones to imply different contexts...now you use a single zone
with different 127.0.0.X addresses to convey the same information.

But...you don't actually do anything with that resolution beyond determine
if a given record is listed or not. You don't actually need to configure
or use the various 127.0.0.X addresses that might get returned.

On the other hand, if you're using multiple rbldnsd instances, one per
zone... while it's a pain you can indeed configure rbldnsd to serve
multiple zones. Or just bind the additional loopback instances


Precisely! Sorry I apparently wasn't clearer in the beginning.
According to my conversations with the author of rbldnsd, rbldnsd was
returning REFUSED to all my requests on my FBSD-7 server. Because it
was unable to communicate on 127.0.0.2. Even though it was bound to my
internet routable IP, it still needed 127.0.0.2, because that was the
IP associated with one of my zones (2 in all).
However, I had no difficulties using 2 zones on my recent RELENG_6
server, (served out of 127.0.0.2, and 127.0.0.3).
/This/ is why I felt there must be some difference between the 2
releases (FBSD).
Anyway, I didn't want to spam the list soliciting advice on setting
up rbldnsd - I already know how to do that. It just /appeared/ that
there was some difference in the handling of lo0, and its associated
IP space. So, as I could find no info in src/UPDATING, or ports/UPDATING,
nor the man pages. I thought I'd better ask here.




BTW, /etc/netstart is a nice shortcut to avoid fatfingering an ifconfig.


Thanks. That's good to know. My first thought, is to probably just assign
a different netmask to lo0, in an effort to get the additional IP's.
Then see if everything works as well as it did on my RELENG_6 server.

Thanks again for your response. I think you really helped clear things
up - though I still have no answer as to why there is a difference
between the 2.

Oh, well.

Take care.

--Chris H



Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---





--
panic: kernel trap (ignored)





Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Chris H.

Quoting Mark Andrews [EMAIL PROTECTED]:




Quoting Andy Dills [EMAIL PROTECTED]:

 On Mon, 3 Mar 2008, Chris H. wrote:

  Are you sure it's a /24 you are talking about? My 7.0 disks install
  127.0.0.1/8 here.

 Really? Where did you get the install disc? Mine clearly doesn't. :(
 All I am provided is 127.0.0.1 - not 127.0.0.2,3...

 127.0.0.1/8 just means 127.0.0.1 with a netmask of 255.0.0.0. It doesn't
 imply a default behavior of binding to any other address than 127.0.0.1.

 But I'm still really confused what you're trying to do...

 See, the idea of returning multiple 127.0.0.X addresses within RBL is to
 convey different information while using a single zone.

 In the beginning, the RBLs would just reply with 127.0.0.1 and use
 different zones to imply different contexts...now you use a single zone
 with different 127.0.0.X addresses to convey the same information.

 But...you don't actually do anything with that resolution beyond determine
 if a given record is listed or not. You don't actually need to configure
 or use the various 127.0.0.X addresses that might get returned.

 On the other hand, if you're using multiple rbldnsd instances, one per
 zone... while it's a pain you can indeed configure rbldnsd to serve
 multiple zones. Or just bind the additional loopback instances

Precisely! Sorry I apparently wasn't clearer in the beginning.
According to my conversations with the author of rbldnsd, rbldnsd was
returning REFUSED to all my requests on my FBSD-7 server.
Because it was unable to communicate on 127.0.0.2.


If it returned REFUSED it could communicate.  REFUSED is a
DNS rcode so the packet went to the server and a reply was
returned.  This is a problem with an access control list in
the rbldnsd configuration.  I can tell you that without
ever having run rbldnsd.



Yes, of course. Sorry, my bad. RBLDNSD's /log/ files contain REFUSED.
The dig, host, nslookup queries return

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58463
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

Sorry. I should have taken more time to answer.

--Chris H


Even though it was bound to my
internet routable IP, it still needed 127.0.0.2, because that was the
IP associated with one of my zones (2 in all).

However, I had no difficulties using 2 zones on my recent RELENG_6
server, (served out of 127.0.0.2, and 127.0.0.3).
/This/ is why I felt there must be some difference between the 2
releases (FBSD).
Anyway, I didn't want to spam the list soliciting advice on setting
up rbldnsd - I already know how to do that.  It just /appeared/ that
there was some difference in the handling of lo0, and its associated
IP space. So, as I could find no info in src/UPDATING, or ports/UPDATING,
nor the man pages. I thought I'd better ask here.



 BTW, /etc/netstart is a nice shortcut to avoid fatfingering an ifconfig.

Thanks. That's good to know. My first thought, is to probably just assign
a different netmask to lo0, in an effort to get the additional IP's.
Then see if everything works as well as it did on my RELENG_6 server.

Thanks again for your response. I think you really helped clear things
up - though I still have no answer as to why there is a difference
between the 2.

Oh, well.

Take care.

--Chris H


 Andy

 ---
 Andy Dills
 Xecunet, Inc.
 www.xecu.net
 301-682-9972
 ---




--
panic: kernel trap (ignored)




--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]





--
panic: kernel trap (ignored)





Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Chris H.

Quoting Mark Andrews [EMAIL PROTECTED]:




Hello Jeremy, and thank you for your reply.

Quoting Jeremy Chadwick [EMAIL PROTECTED]:

 On Mon, Mar 03, 2008 at 05:43:35PM -0800, Chris H. wrote:
 Greetings,
 I'm having some difficulty working with anything past 127.0.0.1.
 It seems impossible to use (create) any addresses on the loopback
 past 127.0.0.1.
 More specifically; I installed rbldnsd from ports, and it worked quite
 well on a 6.x install. However, attempting the same config/install on
 a 7-RC3 install yields the inability to bind/create 127.0.0.2, or
 127.0.0.3 for rbldnsd to answer on - all queries are refused. The
 same pinging/digging, etc.

 The 2 servers have /exactly/ the same net setups, and DNS/rbldnsd
 configs. Yet no joy on the RELENG_7 box. So it /appears/ something
 in this area has changed since 6. But I'm unable to discover any
 info on it.

 I've looked at this software: http://www.corpit.ru/mjt/rbldnsd.html

 Why exactly do you need this software to bind to 127.0.0.2 or 127.0.0.3?
 I don't see any indication of it needing that.  DNS-based RBLs don't
 work like that, so I'm confused by this request.

OK Here, the scoop. I bind rbldnsd to one of my IRIP's (Internet
Routable IP's). Requests can be made against /my/ blocklist @ my IRIP.
Then, should there be a match, the answer is IN A 127.0.0.2 evil host
yadda, yadda...

This, unless an NON internet Routable address from a /private/ block
is used, is the general way to best accomplish this.

BTW, as I mentioned in my original post; this setup/config worked
/perfectly/ on a recent RELENG_6 server.
NOTE: there are no ifconfig, or ifconfig_alias's in either server'
rc.conf /other/ than:

ifconfig_lo0=inet 127.0.0.1


I suggest that you look again.  There is nothing in 6.x
that automatically configures anything except 127.0.0.1 on
lo0.


in /etc/default/rc.conf on /both/ servers. Yet, for some reason
the 6.x server provides 127.0.0/24 without question.


By default 6.x will configure lo0 as 127.0.0.1/8.

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff00
inet 10.53.0.1 netmask 0x
inet 10.53.0.2 netmask 0x
inet 10.53.0.3 netmask 0x
inet 10.53.0.4 netmask 0x
inet 10.53.0.5 netmask 0x
inet 10.53.0.6 netmask 0x
inet 10.53.0.7 netmask 0x
inet 127.0.0.2 netmask 0x
inet 127.0.0.3 netmask 0x

ifconfig_lo0_alias0=inet 10.53.0.1 netmask 0x
ifconfig_lo0_alias1=inet 10.53.0.2 netmask 0x
ifconfig_lo0_alias2=inet 10.53.0.3 netmask 0x
ifconfig_lo0_alias3=inet 10.53.0.4 netmask 0x
ifconfig_lo0_alias4=inet 10.53.0.5 netmask 0x
ifconfig_lo0_alias5=inet 10.53.0.6 netmask 0x
ifconfig_lo0_alias6=inet 10.53.0.7 netmask 0x
ifconfig_lo0_alias7=inet 127.0.0.2 netmask 0x
ifconfig_lo0_alias8=inet 127.0.0.3 netmask 0x

I actually use lots of test addresses.


Hello Mark. Thanks for your response.
Is there any way that you know of to take a screen shot during
boot? I see mine pass by, but I can assure you that there is only
one entry for lo0 (save IP6). Dmesg, nor messages, provides the
information echoed for the network.

Here's the output of netstat -ir
Name    Mtu Network       Address              Ipkts Ierrs    Opkts Oerrs  Coll
xl0    1500 Link#1        00:60:97:31:ab:92    12058     0     6777     0   669
xl0    1500 fe80:1::260:9 fe80:1::260:97ff:        0     -        6     -     -
xl0    1500 11.222.333.22 myhost                6869     -     6892     -     -
xl0    1500 11.222.333.24 my-domain.NET           16     -        0     -     -
plip0  1500 Link#2                                 0     0        0     0     0
lo0   16384 Link#3                               268     0      268     0     0
lo0   16384 localhost     ::1                      7     -        7     -     -
lo0   16384 fe80:3::1     fe80:3::1                0     -        0     -     -
lo0   16384 127.0.0.0     localhost               69     -       69     -     -



Thanks again for your reply.

--Chris H




Mark


The 7 server with /identical/ setup, will only provide 127.0.0.1.

I hope I have been more concise this time.

Thank you very much for taking the time to respond.

--Chris H


 The software acts as dumb DNS server that returns specific IP
 addresses when certain zones are resolved.  postfix, sendmail, or any
 other MTA will attempt DNS resolution of a hostname (at whatever stage
 of the SMTP transaction).  You tell the MTA to use whatever.blah.com as
 a dnsbl, and the MTA will execute a resolver query to whatever.blah.com
 for a specific hostname.  The resolver (rbldnsd) will answer for a
 hostname with a specific IP address (per the configuration file); each
 IP address returned can be 

Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Mark Andrews

 Quoting Andy Dills [EMAIL PROTECTED]:
 
  On Mon, 3 Mar 2008, Chris H. wrote:
 
   Are you sure it's a /24 you are talking about? My 7.0 disks install
   127.0.0.1/8 here.
 
  Really? Where did you get the install disc? Mine clearly doesn't. :(
  All I am provided is 127.0.0.1 - not 127.0.0.2,3...
 
  127.0.0.1/8 just means 127.0.0.1 with a netmask of 255.0.0.0. It doesn't
  imply a default behavior of binding to any other address than 127.0.0.1.
 
  But I'm still really confused what you're trying to do...
 
  See, the idea of returning multiple 127.0.0.X addresses within RBL is to
  convey different information while using a single zone.
 
  In the beginning, the RBLs would just reply with 127.0.0.1 and use
  different zones to imply different contexts...now you use a single zone
  with different 127.0.0.X addresses to convey the same information.
 
  But...you don't actually do anything with that resolution beyond determine
  if a given record is listed or not. You don't actually need to configure
  or use the various 127.0.0.X addresses that might get returned.
 
  On the other hand, if you're using multiple rbldnsd instances, one per
  zone... while it's a pain you can indeed configure rbldnsd to serve
  multiple zones. Or just bind the additional loopback instances
 
 Precisely! Sorry I apparently wasn't clearer in the beginning.
 According to my conversations with the author of rbldnsd, rbldnsd was
 returning REFUSED to all my requests on my FBSD-7 server.
 Because it was unable to communicate on 127.0.0.2.

If it returned REFUSED it could communicate.  REFUSED is a
DNS rcode so the packet went to the server and a reply was
returned.  This is a problem with an access control list in
the rbldnsd configuration.  I can tell you that without
ever having run rbldnsd.

 Even though it was bound to my
 internet routable IP, it still needed 127.0.0.2, because that was the
 IP associated with one of my zones (2 in all).
   
 However, I had no difficulties using 2 zones on my recent RELENG_6
 server, (served out of 127.0.0.2, and 127.0.0.3).
 /This/ is why I felt there must be some difference between the 2
 releases (FBSD).
 Anyway, I didn't want to spam the list soliciting advice on setting
 up rbldnsd - I already know how to do that.  It just /appeared/ that
 there was some difference in the handling of lo0, and its associated
 IP space. So, as I could find no info in src/UPDATING, or ports/UPDATING,
 nor the man pages. I thought I'd better ask here.
 
 
 
  BTW, /etc/netstart is a nice shortcut to avoid fatfingering an ifconfig.
 
 Thanks. That's good to know. My first thought, is to probably just assign
 a different netmask to lo0, in an effort to get the additional IP's.
 Then see if everything works as well as it did on my RELENG_6 server.
 
 Thanks again for your response. I think you really helped clear things
 up - though I still have no answer as to why there is a difference
 between the 2.
 
 Oh, well.
 
 Take care.
 
 --Chris H
 
 
  Andy
 
  ---
  Andy Dills
  Xecunet, Inc.
  www.xecu.net
  301-682-9972
  ---
 
 
 
 
 -- 
 panic: kernel trap (ignored)
 
 
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]


Re: What's new on the 127.0.0/24 block in 7?

2008-03-03 Thread Mark Andrews

 Quoting Mark Andrews [EMAIL PROTECTED]:
 
 
  Quoting Andy Dills [EMAIL PROTECTED]:
 
   On Mon, 3 Mar 2008, Chris H. wrote:
  
Are you sure it's a /24 you are talking about? My 7.0 disks install
127.0.0.1/8 here.
  
   Really? Where did you get the install disc? Mine clearly doesn't. :(
   All I am provided is 127.0.0.1 - not 127.0.0.2,3...
  
   127.0.0.1/8 just means 127.0.0.1 with a netmask of 255.0.0.0. It doesn't
   imply a default behavior of binding to any other address than 127.0.0.1.
  
   But I'm still really confused what you're trying to do...
  
   See, the idea of returning multiple 127.0.0.X addresses within RBL is to
   convey different information while using a single zone.
  
   In the beginning, the RBLs would just reply with 127.0.0.1 and use
   different zones to imply different contexts...now you use a single zone
   with different 127.0.0.X addresses to convey the same information.
  
   But...you don't actually do anything with that resolution beyond determine
   if a given record is listed or not. You don't actually need to configure
   or use the various 127.0.0.X addresses that might get returned.
  
   On the other hand, if you're using multiple rbldnsd instances, one per
   zone... while it's a pain you can indeed configure rbldnsd to serve
   multiple zones. Or just bind the additional loopback instances
 
  Precisely! Sorry I apparently wasn't clearer in the beginning.
  According to my conversations with the author of rbldnsd, rbldnsd was
  returning REFUSED to all my requests on my FBSD-7 server.
  Because it was unable to communicate on 127.0.0.2.
 
  If it returned REFUSED it could communicate.  REFUSED is a
  DNS rcode so the packet went to the server and a reply was
  returned.  This is a problem with an access control list in
  the rbldnsd configuration.  I can tell you that without
  ever having run rbldnsd.
 
 
 Yes, of course. Sorry, my bad. RBLDNSD's /log/ files contain REFUSED.
 The dig, host, nslookup queries return
 
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58463
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
 
 Sorry. I should have taken more time to answer.
 
 --Chris H

Which doesn't change the diagnosis.

You are talking to the caching server which is talking to
rbldnsd which returns REFUSED.  When the caching server
runs out of servers to try it returns SERVFAIL to the
original querier.

P.S. you can test the rbldnsd directly if you want.

dig -p port +norec @address query

Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
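
Mark's diagnosis, as an added example that is not part of the original thread: decoding the 12-byte DNS header shows that REFUSED and SERVFAIL are both rcodes carried in a reply, and comparing the resolver's answer with a direct non-recursive query (the `dig +norec` test) locates the failure. The query name, the function names and the direct REFUSED reply are constructed; the resolver reply reuses the id, flags and status from the dig output quoted in the thread.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}
QR, RD, RA = 0x8000, 0x0100, 0x0080     # header flag bits


def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_query(qname, qid, recurse):
    """Build an A/IN query; recurse=False clears RD, as dig +norec does."""
    flags = RD if recurse else 0
    return (struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
            + encode_name(qname) + struct.pack("!HH", 1, 1))


def decode_header(packet):
    """Decode the fixed DNS header into the fields dig prints."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "id": qid,
        "is_reply": bool(flags & QR),
        "rd": bool(flags & RD),
        "ra": bool(flags & RA),
        "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
        "counts": (qd, an, ns, ar),
    }


def locate_failure(via_resolver, direct):
    """Compare the caching server's reply with a direct reply from the backend.

    direct is None when the direct query timed out (no packet came back).
    """
    if direct is None:
        return "backend-unreachable"        # nothing answered on that address/port
    backend = decode_header(direct)
    if not backend["is_reply"]:
        raise ValueError("direct packet is not a reply")
    if backend["rcode"] == "REFUSED":
        return "backend-refused"            # reachable; it declined to answer the query
    if decode_header(via_resolver)["rcode"] == "SERVFAIL":
        return "resolver-side"              # backend answers; look at the forwarder setup
    return "ok"


def as_reply(query, flags):
    """Constructed reply: the query with its flags word replaced."""
    return query[:2] + struct.pack("!H", flags) + query[4:]


QNAME = "2.0.0.127.dnsbl.example"           # constructed query name
# Header values from the dig output in the thread: id 58463, qr rd ra, SERVFAIL.
RESOLVER_REPLY = as_reply(build_query(QNAME, 58463, True), QR | RD | RA | 2)
# Constructed direct reply from the backend: REFUSED, no recursion bits.
DIRECT_REPLY = as_reply(build_query(QNAME, 4660, False), QR | 5)

if __name__ == "__main__":
    print(decode_header(RESOLVER_REPLY))
    print(locate_failure(RESOLVER_REPLY, DIRECT_REPLY))
```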