Wouter, Thank you for taking the time to review my issue. One more question, is this a patchable fix and or something that will be available in future releases of Unbound?
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Friday, March 22, 2013 5:52 AM To: [email protected] Subject: Unbound-users Digest, Vol 64, Issue 15 Send Unbound-users mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of Unbound-users digest..." Today's Topics: 1. Private-address SERVFAIL (Ehren Hawks) 2. Re: Reply Email Going To User Instead of Mailing-List, Pls Fix (Bry8 Star) 3. Re: Reply Email Going To User Instead of Mailing-List, Pls Fix (Miek Gieben) 4. Re: Reply Email Going To User Instead of Mailing-List, Pls Fix (Jaap Akkerhuis) 5. Re: Reply Email Going To User Instead of Mailing-List, Pls Fix (David Benfell) 6. Re: Private-address SERVFAIL (W.C.A. Wijngaards) ---------------------------------------------------------------------- Message: 1 Date: Thu, 21 Mar 2013 16:01:36 -0400 From: "Ehren Hawks" <[email protected]> To: <[email protected]> Subject: [Unbound-users] Private-address SERVFAIL Message-ID: <[email protected]> Content-Type: text/plain; charset="us-ascii" Today I had to disable private address stripping of 10.0.0.0/8 because it was leading to SERVFAILS when looking up echannel.stateauto.com I'm running Unbound 1.4.16 on Centos 6.2 Name : unbound Arch : x86_64 Version : 1.4.16 Release : 1.el6 The following dig shows the presence of private addresses in the additional section. I thought by default Unbound would strip these addresses when using the respective private addresss: option in the config, but it appears to be leading to lookup failures. I haven't a clue what else I should look at, if I should modify my config or what. Thanks for guidance. [CDNS1]# dig @174.47.194.100 echannel.stateauto.com ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @174.47.194.100 echannel.stateauto.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50513 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 5 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;echannel.stateauto.com. IN A ;; AUTHORITY SECTION: echannel.stateauto.com. 3600 IN NS dc1gss.stateauto.com. echannel.stateauto.com. 3600 IN NS colgss.stateauto.com. echannel.stateauto.com. 3600 IN NS irogss.stateauto.com. ;; ADDITIONAL SECTION: dc1gss.stateauto.com. 3600 IN A 10.30.252.102 dc1gss.stateauto.com. 3600 IN A 174.47.194.102 colgss.stateauto.com. 3600 IN A 66.192.197.102 colgss.stateauto.com. 3600 IN A 10.25.252.102 irogss.stateauto.com. 3600 IN A 63.86.19.102 ;; Query time: 26 msec ;; SERVER: 174.47.194.100#53(174.47.194.100) ;; WHEN: Thu Mar 21 15:44:22 2013 ;; MSG SIZE rcvd: 205 -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20130321/9 02d31f9/attachment-0001.html> ------------------------------ Message: 2 Date: Thu, 21 Mar 2013 13:19:43 -0700 From: Bry8 Star <[email protected]> To: [email protected] Subject: Re: [Unbound-users] Reply Email Going To User Instead of Mailing-List, Pls Fix Message-ID: <[email protected]> Content-Type: text/plain; charset="iso-8859-1" Hi Paul, Miek Gieben, I sent similar emails to others (not only to you), to show/demonstrate, when someone subscribing to a mailing-list, then he/she expect emails coming via/from the mailing-list, not from a person directly. It is not right to send email directly to a user or few users only. Initial posting and other posting are intended to be shared with ALL subscribers. i also have close to 200 or over mailing-list subscription, let me REPEAT, NONE are like this nlnetlab mailing-list. every other mailing-list ... when "Reply" button is pressed on any posting, then Thunderbird opens new email and places the mailing-list email address in the "To:" field, (except nlnetlabs.nl list). That is what i'm expecting. I DO NOT WANT ANY PERSON/USER TO SEND ME EMAIL DIRECTLY. I SUBSCRIBED to MAILING-LIST EMAIL-ADDRESS ONLY, NOT to a person's email. That's what i wanted all to understand. If you cannot do that, then you should also place a notice in subscription page that other users will start to email you directly, when you subscribe. AND WHEN YOU REPLY ... MAKE SURE YOU HAVE PLACED ONLY ONE EMAIL ADDRESS [email protected] IN THE "To:" FIELD, NO NEED TO FILL "Cc:" or "Bcc:", REMOVE "Cc:" & "Bcc:". THANK YOU. -- Bright Star. Received from Paul Wouters, on 2013-03-21 12:31 PM: > On Thu, 21 Mar 2013, Bry8 Star wrote: > > Please get a life. You'ev now been kill filed in my procmailrc, so if > you ever want to ask unbound questions again, I guess I won't hear > them. > > Paul > >> Hi Paul Wouters, >> i'm including your sent email's HEADERS, except the "X-YMailISG:" >> header. >> >> Why are you sending email to me ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! >> ! ! ! ! ! ! ! ! ! ! ! ! >> >> PLEASE DO NOT SEND EMAIL TO ME. >> >> SEND IT TO MAILING-LIST ONLY. >> >> I HAVE APPROVED/ALLOWED ONLY MAILING-LIST TO SEND ME EMAIL. >> >> NOT ANYBODY ELSE. >> -- Bright Star. >> >> X-Apparently-To: [email protected] via 98.139.211.135; Thu, 21 Mar >> 2013 18:35:08 +0000 >> Return-Path: <[email protected]> >> Received-SPF: none (domain of nohats.ca does not designate permitted >> sender hosts) >> X-YMailISG: ... >> X-Originating-IP: [193.110.157.68] >> Authentication-Results: mta1164.mail.ne1.yahoo.com from=nohats.ca; >> domainkeys=neutral (no sig); from=nohats.ca; dkim=neutral (no sig) >> Received: from 127.0.0.1 (EHLO mx.nohats.ca) (193.110.157.68) by >> mta1164.mail.ne1.yahoo.com with SMTP; Thu, 21 Mar 2013 18:35:04 >> +0000 >> Received: from localhost (localhost [IPv6:::1]) >> by mx.nohats.ca (Postfix) with ESMTP id 3ZWxW9087Tz9YX; >> Thu, 21 Mar 2013 14:35:01 -0400 (EDT) >> X-Virus-Scanned: amavisd-new at mx.nohats.ca >> Received: from mx.nohats.ca ([IPv6:::1]) >> by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) >> with ESMTP id oDE92QPQbn1B; Thu, 21 Mar 2013 14:34:59 -0400 (EDT) >> Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) >> by mx.nohats.ca (Postfix) with ESMTP; >> Thu, 21 Mar 2013 14:34:59 -0400 (EDT) >> Received: by bofh.nohats.ca (Postfix, from userid 500) >> id 2467C80BC4; Thu, 21 Mar 2013 14:35:00 -0400 (EDT) >> Received: from localhost (localhost [127.0.0.1]) >> by bofh.nohats.ca (Postfix) with ESMTP id 17A3780862; >> Thu, 21 Mar 2013 14:35:00 -0400 (EDT) >> Date: Thu, 21 Mar 2013 14:35:00 -0400 (EDT) >> From: Paul Wouters <[email protected]> >> To: Joe Abley <[email protected]> >> cc: [email protected] >> Subject: Re: [Unbound-users] Reply Email Going To User Instead of >> Mailing-List, Pls Fix >> In-Reply-To: <[email protected]> >> Message-ID: <[email protected]> >> References: <[email protected]> >> <[email protected]> >> <cagwp77p8bec0ov+m8vgdzet+xg957z5yc9kwzcbu01zpzgr...@mail.gmail.com> >> <[email protected]> >> <[email protected]> >> User-Agent: Alpine 2.10 (LFD 1266 2009-07-14) >> MIME-Version: 1.0 >> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed >> Content-Length: 227 >> >> >> >> >> Received from Paul Wouters, on 2013-03-21 11:35 AM: >>> On Thu, 21 Mar 2013, Joe Abley wrote: >>> >>>> Subject: Re: [Unbound-users] Reply Email Going To User Instead of >>>> Mailing-List, Pls Fix >>> >>> Baby... bath water.... >>> >>> Take it off list? I've gone through enough of these "discussions". >>> >>> Paul >> >> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 260 bytes Desc: OpenPGP digital signature URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20130321/3 3d752b5/attachment-0001.sig> ------------------------------ Message: 3 Date: Thu, 21 Mar 2013 21:40:32 +0100 From: Miek Gieben <[email protected]> To: [email protected] Subject: Re: [Unbound-users] Reply Email Going To User Instead of Mailing-List, Pls Fix Message-ID: <[email protected]> Content-Type: text/plain; charset="us-ascii" [ Quoting <[email protected]> in "Re: [Unbound-users] Reply Email Goi..." ] > Hi Paul, Miek Gieben, > I sent similar emails to others (not only to you), to > show/demonstrate, when someone subscribing to a mailing-list, then > he/she expect emails coming via/from the mailing-list, not from a > person directly. As Paul said: kill-file Good bye, thanks -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20130321/a 3581fd4/attachment-0001.sig> ------------------------------ Message: 4 Date: Thu, 21 Mar 2013 21:58:26 +0100 From: Jaap Akkerhuis <[email protected]> To: [email protected] Cc: [email protected] Subject: Re: [Unbound-users] Reply Email Going To User Instead of Mailing-List, Pls Fix Message-ID: <[email protected]> Please, stop sending off-topic messages to this list. If you really don't like the way the mailing list is run, you can always unsubscribe. jaap ------------------------------ Message: 5 Date: Thu, 21 Mar 2013 20:18:36 -0700 From: David Benfell <[email protected]> To: [email protected] Subject: Re: [Unbound-users] Reply Email Going To User Instead of Mailing-List, Pls Fix Message-ID: <[email protected]> Content-Type: text/plain; charset=ISO-8859-1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/21/2013 01:19 PM, Bry8 Star wrote: > Hi Paul, Miek Gieben, I sent similar emails to others (not only to > you), to show/demonstrate, when someone subscribing to a mailing-list, > then he/she expect emails coming via/from the mailing-list, not from a > person directly. > You are seeking to enforce what is, for all practical purposes, a Reply-To policy. In open source software lists, there are many who consider Reply-To evil. I happen not to agree with that evaluation, but from what I've seen, it has majority acquiescence, if not support. My advice has to be, give it up. You are not going to win this battle. What you will do instead is end up being banned. Which means you lose. End of story. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRS82LAAoJELJhbl/uPb4S1YgP/jheTe421iwc1E75Np2PA8EL +fWC4edoOl7jP36NYony0TP4tXoPxdw5ZrnxbEpN8e1kblSLPmF0x/xG3BH5HGgF kcQbHN/6TPQOHzrkqBjYLkuRs/EYMbhtUHljcoBNAPzTLcVRxZ701cef1THns+k5 KgnbHgL1RMi5oa71Xi7Zm0rc5OMSBONCpQofuQAv4uEOCNYq9BzuisWOP3WU4xou rECXbmevKy5L107qSeRSKtOTf7Mg2A37taZ2BXVzkiq4yXvDKwNex5t+MNZAPdvv GH0KWXq2Xw1WffGlq0uoD6K3Vg998XXei3gbQwc2W9UjouhYnlHnEujHkLCkLwb+ E78gAYVJFkr6lLEo6tVarLGCTaiS07UAtEhrqVdibPVQqXSRrK0ilZr+bVl6Pn/S LmvjiK7kDF6k9UP2kNpnvMwSE+5JwyA+l2ZP6HtbEmppAeuJ53WtMKPDSqaipQGK xB2QGGdE7p0yTMm72qMnZpuYM8y4R4Us6fqMK97xc0a+qKSyoqWW2Jt2Qbv0i5yi bmDriVjDJAbnhtovz/FVfC/VqusZMW0/8NJxNlxIRVT2cip6D8yKa+aYZiPDStQf 8GeFh7ZpTHQivEP9q3ygLnWOrERGmSgJS8m9LtpdoO0eB94SnQtVBjNdNWjGjlRt XexaPdXGz1HNBvs7uYa7 =kQhf -----END PGP SIGNATURE----- ------------------------------ Message: 6 Date: Fri, 22 Mar 2013 10:52:05 +0100 From: "W.C.A. Wijngaards" <[email protected]> To: [email protected] Subject: Re: [Unbound-users] Private-address SERVFAIL Message-ID: <[email protected]> Content-Type: text/plain; charset=ISO-8859-1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Ehren, On 03/21/2013 09:01 PM, Ehren Hawks wrote: > Today I had to disable private address stripping of 10.0.0.0/8 because > it was leading to SERVFAILS when looking up echannel.stateauto.com Thank you for the bug report, this is a bug in the private address code where it removes the entire RRset. It is fixed to remove the RR (and the RRset if it becomes empty (and thus also removes its RRSIGs (if any)). That fixes the lookup for this domain name. It leaves the publicly accessible addresses intact, and the domain then resolves. > > I?m running Unbound 1.4.16 on Centos 6.2 > > > > Name : unbound > > Arch : x86_64 > > Version : 1.4.16 > > Release : 1.el6 > > > > The following dig shows the presence of private addresses in the > additional section. I thought by default Unbound would strip these > addresses when using the respective private addresss: option in the > config, but it appears to be leading to lookup failures. I haven?t a > clue what else I should look at, if I should modify my config or what. > Thanks for guidance. Another interesting thing is that this domain seems to discard incoming queries with the ADflag. Which is turned on by default in dig 9.9. dig +noad works fine. Best regards, Wouter > > [CDNS1]# dig @174.47.194.100 echannel.stateauto.com > > > > ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @174.47.194.100 > echannel.stateauto.com > > ; (1 server found) > > ;; global options: +cmd > > ;; Got answer: > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50513 > > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 5 > > ;; WARNING: recursion requested but not available > > > > ;; QUESTION SECTION: > > ;echannel.stateauto.com. IN A > > > > ;; AUTHORITY SECTION: > > echannel.stateauto.com. 3600 IN NS > dc1gss.stateauto.com. > > echannel.stateauto.com. 3600 IN NS > colgss.stateauto.com. > > echannel.stateauto.com. 3600 IN NS > irogss.stateauto.com. > > > > ;; ADDITIONAL SECTION: > > dc1gss.stateauto.com. 3600 IN A 10.30.252.102 > > dc1gss.stateauto.com. 3600 IN A 174.47.194.102 > > colgss.stateauto.com. 3600 IN A 66.192.197.102 > > colgss.stateauto.com. 3600 IN A 10.25.252.102 > > irogss.stateauto.com. 3600 IN A 63.86.19.102 > > > > ;; Query time: 26 msec > > ;; SERVER: 174.47.194.100#53(174.47.194.100) > > ;; WHEN: Thu Mar 21 15:44:22 2013 > > ;; MSG SIZE rcvd: 205 > > > > _______________________________________________ Unbound-users mailing > list [email protected] > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRTCnFAAoJEJ9vHC1+BF+NRU0P/2k8UchYFkFoME5o4k7V871+ 9cWvIYNo9wV9HND/WqVnIYr1R5oBvJkmV1wsIcjRt3ZQhg0Hrwjoxd+zNWfr00M5 dnx+52p+tEc8lpEw7feEF134aKXej3VcXXHnsiHVB1IggkVOM4/cmQkLshBcUEHt BtaqYQxO3StYdRHQRHoKNaxSXVRO2VCzyO090iK4zeh2jhNs3xpforSNqiR+jJt0 T52n0F4QsoPQqvopLzRW+D5nBPIF+TrokYhJuAnIUW5nYRUlIvs8JwxJO9Vs7z1n zuo0+eEPSL5qo43Y9TB1nap62oDfr44SyiniovfIIvW923Nsj4gsAYgMr7KuwvMU zUviFqVKF9b6Vgs2xzPLHX8/nNT8SafgC5Xlsd0C2RpVgTdhlDMQ0V6EPa1R1x3g PtLZzIt8HK86NSZDcjVv/qPeDX7qEmGrBUVvUGJ63vO++1+E2X+eS8xraNwTjix0 wFOsYgCtmU/DZ7jNs5gfLmnN8stH7qzebk12LSRMZ5U45cADq80suy8OdKyqSYaK X7dQM1/plweTvDBxO38bwysqwRdM3Aj3uLNNK6a71KyyrZm+7XhZSBG7lQeBUy8H MrpnWQJC3k7Xkb0UD/w83O0CK65fWX4SYyfC431ZB1+IwUuis4af9d2lfJfdB2Ef yna3+WLTtPmvmHHMKS1G =dFX5 -----END PGP SIGNATURE----- ------------------------------ _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users End of Unbound-users Digest, Vol 64, Issue 15 ********************************************* _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
