Re: IPv6 prefix length error
In message <4dbad097.5030...@imperial.ac.uk>, Phil Mayers writes: > On 04/29/2011 03:24 PM, Mark Andrews wrote: > > > > The fix is likely to be a couple of lines of code to retrieve the > > value but without access to the correct documentation or kernel > > source code its hard to work out how to fix it. > > This code apparently works for AIX 5.3: > > http://lists.samba.org/archive/samba-technical/2009-February/063079.html Then the following may fix the issue. I don't have access to a aix to test this at the moment. Index: lib/isc/unix/ifiter_ioctl.c === RCS file: /proj/cvs/prod/bind9/lib/isc/unix/ifiter_ioctl.c,v retrieving revision 1.62 diff -u -r1.62 ifiter_ioctl.c --- lib/isc/unix/ifiter_ioctl.c 18 Jan 2009 23:48:14 - 1.62 +++ lib/isc/unix/ifiter_ioctl.c 30 Apr 2011 03:03:50 - @@ -519,6 +519,7 @@ if ((ifreq.ifr_flags & IFF_LOOPBACK) != 0) iter->current.flags |= INTERFACE_F_LOOPBACK; +#ifndef _AIX if (family == AF_INET) goto inet; @@ -568,6 +569,7 @@ inet: if (family != AF_INET) return (ISC_R_IGNORE); +#endif #ifdef IFF_POINTOPOINT /* * If the interface is point-to-point, get the destination address. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Anyone have problems with BIND 9.8.0
A couple of problems: Firstly, if you are running chrooted and have a recent version of OpenSSL installed, you must either copy the OpenSSL gost cipher engine loadable module into your chroot, or hack the build scripts to disable gost support. The easiest way to do this is to make the obvious one line change to bind's config.h before running make. I could not work out how to make OpenSSL behave. Secondly, bind's automatic trust anchor handl Tony. -- f.anthony.n.finchhttp://dotat.at/ On 28 Apr 2011, at 21:37, Marion Bogdanov wrote: > Folks, > > In my preparation to upgrade from 9.7.3 to 9.8.0. I figured it would be worth > to field the obvious question: has anyone run into any problems in their > upgrade? > > Thanks in advance, > > -Marion > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: key directory in named.conf
On Wed, Apr 27, 2011 at 09:42:30PM +1000, Mark Andrews wrote:
> In message ,
> rams writes:
> > How to declare multiple signed key paths in key-directory. When
> > i declare as follows, named not starting.
> >
> > key-directory {"/var/named/zones";"/root/ramesh/Largezone";}
>
> The syntax is "key-directory ;"
>
> Each zone can only have one key-directory. key-directory is
> inherited from the view/options.
>
> > Please clarify me.
The keys in /root/ramesh/Largezone/ could be moved into the
/var/named/zones/ directory, and symlinked back. But any given zone
in general should not need more than one key-directory. What is the
real problem and goal here?
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: IPv6 prefix length error
On 04/29/2011 03:24 PM, Mark Andrews wrote: The fix is likely to be a couple of lines of code to retrieve the value but without access to the correct documentation or kernel source code its hard to work out how to fix it. This code apparently works for AIX 5.3: http://lists.samba.org/archive/samba-technical/2009-February/063079.html ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: IPv6 prefix length error
In message , "Khuu, Linh Contractor" writes: > Thanks Mark for your recommendation!!! > > However, in the ifconfig -a output, I have: > > lo0: flags=3De08084b T,64BIT> > inet 127.0.0.1 netmask 0xff00 broadcast 127.255.255.255 > inet6 ::1/128 > > But I still see the error in the log "28-Apr-2011 23:58:02.935 general: pre= > fix length for ::1 is unknown (assume 128)" > > As for the prefix length of the IPv6 address of the interface, we have 2001= > :1930:e03::e/48, but the log still show the error of (assume 128). > > Will this error cause any problem with named to resolve IPv6 addresses? > > Linh Khuu > Network Security Specialist > MicroTech ESS Contract > Office: 410-966-0798 > Pager: 410-232-2350 > Email: linh.k...@ssa.gov Please go talk to your OS vendor. There are 1/2 a dozen different way OS vendors do this and most of them are very poorly documented. There is sysctl(), ioctl() 2 or 3 variants, getifaddrs() and /proc/net/if_inet6. Every OS vendor seemed to invent their own method which is a pain for anyone trying to write portable code. The fix is likely to be a couple of lines of code to retrieve the value but without access to the correct documentation or kernel source code its hard to work out how to fix it. Mark > -Original Message- > From: Mark Andrews [mailto:ma...@isc.org]=20 > Sent: Thursday, April 28, 2011 7:53 PM > To: Khuu, Linh Contractor > Cc: 'bind-users@lists.isc.org' > Subject: Re: IPv6 prefix length error > > > In message ov>, > "Khuu, Linh Contractor" writes: > > Hello, > >=20 > > We just added the IPv6 address on our DNS servers. When we started named,= > w=3D > > e see these errors in the log: > >=20 > > prefix length for 2001:1930:e03::e is unknown (assume 128) > > prefix length for ::1 is unknown (assume 128) > >=20 > > So far, named is still running fine... I can't find any information to co= > rr=3D > > ect these errors. > >=20 > > Thanks, > > Linh Khuu > > These are reported because named was unable to determine the prefix > length associated with the address. Usually because no one has > documented the OS specicif method for doing this or it is write > only. > > Please contact your OS vendor so they can address the issue. > > The major implication of not having this information is that the builtin > "localnets" acl will not be complete. Instead of 2001:1930:e03::/64, > assuming it is a /64, it will have 2001:1930:e03::e/128. > > Mark > --=20 > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: IPv6 prefix length error
We're running AIX 5.3 Linh Khuu -Original Message- From: bind-users-bounces+linh.khuu=ssa@lists.isc.org [mailto:bind-users-bounces+linh.khuu=ssa@lists.isc.org] On Behalf Of Phil Mayers Sent: Friday, April 29, 2011 9:57 AM To: bind-users@lists.isc.org Subject: Re: IPv6 prefix length error On 04/29/2011 02:17 PM, Khuu, Linh Contractor wrote: > Thanks Mark for your recommendation!!! > > However, in the ifconfig -a output, I have: > > lo0: > flags=e08084b > inet 127.0.0.1 netmask 0xff00 broadcast 127.255.255.255 > inet6 ::1/128 So? As Mark said, the problem is that: """no one has documented the OS specicif method for doing this or it is write only.""" Sure, the OS tools know it. But named doesn't. What OS & Version are you running? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: IPv6 prefix length error
On 04/29/2011 02:17 PM, Khuu, Linh Contractor wrote: Thanks Mark for your recommendation!!! However, in the ifconfig -a output, I have: lo0: flags=e08084b inet 127.0.0.1 netmask 0xff00 broadcast 127.255.255.255 inet6 ::1/128 So? As Mark said, the problem is that: """no one has documented the OS specicif method for doing this or it is write only.""" Sure, the OS tools know it. But named doesn't. What OS & Version are you running? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: IPv6 prefix length error
Thanks Mark for your recommendation!!! However, in the ifconfig -a output, I have: lo0: flags=e08084b inet 127.0.0.1 netmask 0xff00 broadcast 127.255.255.255 inet6 ::1/128 But I still see the error in the log "28-Apr-2011 23:58:02.935 general: prefix length for ::1 is unknown (assume 128)" As for the prefix length of the IPv6 address of the interface, we have 2001:1930:e03::e/48, but the log still show the error of (assume 128). Will this error cause any problem with named to resolve IPv6 addresses? Linh Khuu Network Security Specialist MicroTech ESS Contract Office: 410-966-0798 Pager: 410-232-2350 Email: linh.k...@ssa.gov -Original Message- From: Mark Andrews [mailto:ma...@isc.org] Sent: Thursday, April 28, 2011 7:53 PM To: Khuu, Linh Contractor Cc: 'bind-users@lists.isc.org' Subject: Re: IPv6 prefix length error In message , "Khuu, Linh Contractor" writes: > Hello, > > We just added the IPv6 address on our DNS servers. When we started named, w= > e see these errors in the log: > > prefix length for 2001:1930:e03::e is unknown (assume 128) > prefix length for ::1 is unknown (assume 128) > > So far, named is still running fine... I can't find any information to corr= > ect these errors. > > Thanks, > Linh Khuu These are reported because named was unable to determine the prefix length associated with the address. Usually because no one has documented the OS specicif method for doing this or it is write only. Please contact your OS vendor so they can address the issue. The major implication of not having this information is that the builtin "localnets" acl will not be complete. Instead of 2001:1930:e03::/64, assuming it is a /64, it will have 2001:1930:e03::e/128. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
