Thanks for the reply.
But a client's network is an IPv6 network.
The client obtains an IPv6 address. Then the client connects to a global IPv6 address
overseas.
But the client obtains an IPv4 address (DNS64-translated IPv6 address).
Then the client connects to NAT64, and connects to a local IPv4 service (e.g. CDN).
I tried
Dear all,
BIND9 (and not Unbound, PowerDNS Recursor, Google Public DNS) is failing
to validate the following non-existent domain name:
dig @184.105.193.73 ABCD._openpgpkey.posteo.de A +dnssec
; <<>> DiG 9.8.3-P1 <<>> @184.105.193.73 ABCD._openpgpkey.posteo.de A
+dnssec
; (1 server found)
;; glob
Daniel Stirnimann wrote:
>
> BIND9 (and not Unbound, PowerDNS Recursor, Google Public DNS) is failing
> to validate the following non-existent domain name:
>
> dig @184.105.193.73 ABCD._openpgpkey.posteo.de A +dnssec
>
> I believe, the reason for the validation error for the above domain name
> is
* Jim Popovitch [2016-10-10 23:42]:
> On Mon, Oct 10, 2016 at 7:51 AM, Sebastian Wiesinger
> wrote:
> >
> > http://dnsviz.net/d/blau.beer/V_tTtQ/dnssec/
> >
> > After the DS TTL expired I removed the old DS, so the zone now looks
> > like this:
> >
> > http://dnsviz.net/d/blau.beer/V_t2Hg/dnssec/
Exclude Facebook's IPv6 range.
dns64 {
    exclude {
        ::ffff:0:0/96; // mapped addresses
        2a03:2880::/29; // Facebook
    };
};
In message <389ab5475d0a441a9cc175f0326e5...@skt-tnetpmx2.skt.ad>, LEE SUKMOON
writes:
>
> Thanks for the reply.
Thank you.
Your advice is very well done. Thank you again.
But /29 prefix is not work. /32 prefix is good work.
dns64 64:ff9b::/96 {
    clients { acl_ipv6; ::1; };
    exclude {
        2a03:2880::/32; // Facebook
    };
};
[root@DNS_STG:/root] $ dig @::1 m.facebook.com
I don't understand why you are saying "But /29 prefix is not work."
Facebook is 2a03:2880::/29 and the acl code should handle this.
Mark
[rock:~/git/bind9/xx] marka% whois -r 2a03:2880::
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is sub
Sorry. I made a mistake.
The /29 prefix works fine.
My DNS used the expired cache before updating the cache.
(below 600 TTL is expired cache.)
Thanks.
[root@DNS_STG:/root] $ dig @::1 m.facebook.com
; <<>> DiG 9.9.9-P3_NLIA_NS_160928 <<>> @::1 m.facebook.com
; (1 server found)
;; global options: