Re: DNS64 - multiple mapping
Hi Gaurav,

My goal is to map IPv6 to a specific IPv4 network; that is why I use a mapped { } in options.

Regards,
Rock

From: Gaurav Kansal gaurav.kan...@nic.in
To: 'Rock July' headgea...@yahoo.com; 'Phil Mayers' p.may...@imperial.ac.uk; bind-users@lists.isc.org
Sent: Wednesday, May 30, 2012 6:34 PM
Subject: RE: DNS64 - multiple mapping

Why are you using the mapped{} option in the dns64 conf?

What we are doing is:

dns64 2001:db8:5200::/96 {
    Clients { 2001:db8:1000:10::/64; 2001:db8:20:10::/64; ……. };
};

From: bind-users-bounces+gaurav.kansal=nic...@lists.isc.org [mailto:bind-users-bounces+gaurav.kansal=nic...@lists.isc.org] On Behalf Of Rock July
Sent: Monday, May 28, 2012 8:05 AM
To: Phil Mayers; bind-users@lists.isc.org
Subject: Re: DNS64 - multiple mapping

Hi Phil,

Thanks. We have multiple IPv4 networks and we want to have a different IPv6 address network mapping for each IPv4, mainly for security reasons. Based on your reply, I can add multiple dns64 in options. Should I configure it like this?

options {
    directory /var/cache/bind;
    auth-nxdomain no;
    listen-on-v6 { any; };
    allow-query { any; };
    dns64 2001:db8:1:::/96 {
        clients { any; };
        mapped { 10.10.10.0/24; };
    };
    dns64 2001:db9:1:::/96 {
        clients { any; };
        mapped { 10.10.20.0/24; };
    };
};

Thanks

From: Phil Mayers p.may...@imperial.ac.uk
To: bind-users@lists.isc.org
Sent: Thursday, May 24, 2012 4:15 PM
Subject: Re: DNS64 - multiple mapping

On 05/24/2012 07:36 AM, Rock July wrote:
> Hi All,
> Is it possible for me to add multiple dns64 in options? I want to have

Yes.

> different IPv6 prefix for each IPv4 network address.

I don't know what that means, but the dns64 option takes a quite comprehensive set of ACLs to match client and original packet A address(es) as well as other options.

Perhaps you should read the ARM?
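An added worked example, not part of the original thread and not BIND's own code: a small model of what per-network dns64 blocks produce, using the RFC 6052 /96 embedding (the IPv4 address occupies the low 32 bits of the prefix). It assumes that an A record gets a synthesized AAAA from every block whose mapped list contains it; the two prefixes, the rule table and all function names are constructed for this example. It also shows the reverse mapping a packet filter would rely on, and that a prefix written with three colons does not parse.

```python
import ipaddress

# Constructed rules modelled on the two dns64 blocks discussed above.
# The prefixes are placeholders chosen for this example (assumption).
RULES = [
    ("2001:db8:1::/96", ["10.10.10.0/24"]),
    ("2001:db8:2::/96", ["10.10.20.0/24"]),
]

def parse_prefix(text):
    """Parse a DNS64 prefix; only the /96 form used in this thread is handled."""
    net = ipaddress.IPv6Network(text)  # raises ValueError on bad syntax
    if net.prefixlen != 96:
        raise ValueError("example handles /96 prefixes only: " + text)
    return net

def is_valid_prefix(text):
    """True if the text is a well-formed /96 IPv6 prefix."""
    try:
        parse_prefix(text)
        return True
    except ValueError:
        return False

def synthesize(a_record, rules=RULES):
    """AAAA addresses synthesized for one A record (RFC 6052 /96 embedding)."""
    v4 = ipaddress.IPv4Address(a_record)
    out = []
    for prefix, mapped in rules:
        # Only A records inside this block's mapped list use this prefix.
        if any(v4 in ipaddress.IPv4Network(m) for m in mapped):
            base = int(parse_prefix(prefix).network_address)
            out.append(str(ipaddress.IPv6Address(base | int(v4))))
    return out

def origin(aaaa, rules=RULES):
    """Reverse view for a packet filter: the IPv4 host behind a synthesized AAAA."""
    v6 = ipaddress.IPv6Address(aaaa)
    for prefix, _ in rules:
        if v6 in parse_prefix(prefix):
            return str(ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF))
    return None  # address is not under any configured DNS64 prefix

if __name__ == "__main__":
    for a in ("10.10.10.5", "10.10.20.9", "192.0.2.1"):
        print(a, "->", synthesize(a))
    print("2001:db8:1:::/96 valid?", is_valid_prefix("2001:db8:1:::/96"))
```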
DNS64 - multiple mapping
Hi All,

Is it possible for me to add multiple dns64 in options? I want to have different IPv6 prefix for each IPv4 network address. If not, what are the other possible options?

Thanks,
Rock
Re: Slave DNS zone problem
Hi Dave,

>> Hi All,
>> I have a problem with one of my DNS. This DNS is configured as slave and has two masters (hosting different domains). Recently, I changed the IP of one of the master DNS, then all domains under that master DNS cannot be resolved on the slave DNS although the zone files keep on updating.

> Are you checking the slave to make sure that the updated zone is actually being transferred?

The updated zones are being transferred to the slave successfully.

>> Also, I just noticed that all new domains created on the two master DNS cannot be resolved in the slave DNS but the zone file is updated. I am getting SERVFAIL error.

> Are you configuring the slave server to be authoritative for these new zones?

Yes, my slave server is configured to be authoritative.

Thanks and Best Regards,
Francis Lucero

From: Dave Sparro dspa...@gmail.com
To: bind-users@lists.isc.org
Sent: Thu, September 9, 2010 11:10:02 PM
Subject: Re: Slave DNS zone problem

On 9/9/2010 4:43 AM, Rock July wrote:
> Hi All,
> I have a problem with one of my DNS. This DNS is configured as slave and has two masters (hosting different domains). Recently, I changed the IP of one of the master DNS, then all domains under that master DNS cannot be resolved on the slave DNS although the zone files keep on updating.

Are you checking the slave to make sure that the updated zone is actually being transferred?

> Also, I just noticed that all new domains created on the two master DNS cannot be resolved in the slave DNS but the zone file is updated. I am getting SERVFAIL error.

Are you configuring the slave server to be authoritative for these new zones?

--
Dave
Re: Slave DNS zone problem
Hi Philippe,

I tried the zone xfer by hand and it was successful. Actually, all the zones are being transferred to the slave successfully; the only problem is when I try to resolve the hosts from the slave DNS, I am getting SERVFAIL error. What other things could I check?

Thanks and Best Regards,
Rock

From: philippe.simo...@swisscom.com philippe.simo...@swisscom.com
To: headgea...@yahoo.com;
Sent: Thu, September 9, 2010 5:06:40 PM
Subject: RE: Slave DNS zone problem

Hi,

Just a small check: try connectivity and zone xfer by hand, just to see if an ACL is not blocking it. On the slave:

dig @master.com zone.com axfr

Philippe

From: bind-users-bounces+philippe.simonet=swisscom@lists.isc.org [mailto:bind-users-bounces+philippe.simonet=swisscom@lists.isc.org] On Behalf Of Rock July
Sent: Thursday, September 09, 2010 10:43
To: bind-users@lists.isc.org
Subject: Slave DNS zone problem

Hi All,

I have a problem with one of my DNS. This DNS is configured as slave and has two masters (hosting different domains). Recently, I changed the IP of one of the master DNS, then all domains under that master DNS cannot be resolved on the slave DNS although the zone files keep on updating. For other slave DNS, it still works fine.

Also, I just noticed that all new domains created on the two master DNS cannot be resolved in the slave DNS but the zone file is updated. I am getting SERVFAIL error.

I also tried named-checkconf and named-checkzone but no error was found. What are the other things/parameters that I should check?

Thanks and Regards,
Rock
Slave DNS zone problem
Hi All,

I have a problem with one of my DNS. This DNS is configured as slave and has two masters (hosting different domains). Recently, I changed the IP of one of the master DNS, then all domains under that master DNS cannot be resolved on the slave DNS although the zone files keep on updating. For other slave DNS, it still works fine.

Also, I just noticed that all new domains created on the two master DNS cannot be resolved in the slave DNS but the zone file is updated. I am getting SERVFAIL error.

I also tried named-checkconf and named-checkzone but no error was found. What are the other things/parameters that I should check?

Thanks and Regards,
Rock
Re: reject or drop AAAA queries
Hi Alan,

Thanks for the help.

Regards,
Rock

From: Alan Clegg acl...@isc.org
To: bind-users@lists.isc.org
Sent: Fri, July 23, 2010 11:45:08 AM
Subject: Re: reject or drop AAAA queries

On 7/22/2010 8:42 PM, Rock July wrote:
> This is my current setup right now and the reason why I want to reject or drop the queries:
>
> PC Clients: XP, Vista and 7 (Vista and 7 clients are sending both A and AAAA queries) send queries to DNS A.
> DNS A: will just forward the query to MyDNS
> MyDNS: will query DNS B on behalf of DNS A.
> DNS B: hosting the domain name (sample: xxx.test.com)
>
> DNS B is only hosting an A record for xxx.test.com, so when it receives a AAAA query, it responds no such name or NXDOMAIN. This result causes negative caching on MyDNS and name resolution will also fail for other client computers.
>
> I only have control of MyDNS so I am thinking if there is any way that I can reject/drop those queries so it will not query DNS B.

If the server at DNS B is responding with NXDOMAIN to a query for XXX.TEST.COM AAAA when XXX.TEST.COM A exists, then you need to find someone else to host TEST.COM as DNS B is broken.

AlanC
Re: IPv6 Records on an IPv4 Network
Windows Vista and 7 clients will query both type A and AAAA even if only the IPv4 interface is enabled. If I put the option filter-aaaa-on-v4 {yes;};, will my DNS reject the queries?

Thanks
Rock

From: Phil Mayers p.may...@imperial.ac.uk
To: bind-users@lists.isc.org
Sent: Thu, July 22, 2010 3:45:29 PM
Subject: Re: IPv6 Records on an IPv4 Network

On 07/21/2010 10:10 PM, Martin McCormick wrote:
> This is admittedly not a bind question, but it has become a major nag factor and I am not sure what to recommend. We delegate our Microsoft Active Directory zone to Microsoft domain controllers and they have stuffed their zone with about 750 AAAA records and all are publicly visible if one does a lookup. Even the top level of the AD domain has 10 IPv6

Yes. This is windows' default behaviour.

> responses, one for each controller. The AD admins say that IPv6 is turned off and that the work stations register IPv6 addresses automatically and so forth, but the final truth is that they are

If IPv6 is turned off, the windows machines should not be registering IPv6 addresses. Maybe IPv6 was turned on in the past, and they haven't been garbage-collected for some reason?

(Windows DNS records which were inserted by dynamic update are supposed to be garbage collected if left untouched after 7 days IIRC)

> there, however they got there, and other systems will get the records when they try to resolve the host name. Recently, there was a Microsoft update which appears to cause the resolvers on these Windows7 systems to favor IPv6 records first and now I am getting reports of timeouts from Windows boxes looking up other Windows boxes.

I don't think this is true - I think windows has *always* preferred a AAAA lookup under all versions with IPv6 support.

However, windows should only be making AAAA lookups if the client itself has an IPv6 address. Clients without IPv6 addresses will only make A lookups.

> What I am asking the list is whether or not anybody knows of a way to get the Microsoft controllers to ignore the IPv6 registrations. Having 0 IPv6 records would probably solve the problem until the day we get an IPv6 allocation and make our network IPv6 capable. As of now, it is a downright nuisance. I am running bind in its default mode where it could handle both IPv4 and IPv6 addresses, but we have no IPv6 addresses at all in the zones that we do not delegate. I believe that if I ran bind in IPv4-only mode, it would make no difference because the problem zone is delegated. If I am wrong about that, please let me know.

Correct, that won't help.

(In fact, even in IPv4 mode, bind supports AAAA records. The content of the DNS records is unrelated to the transport)

You have two issues, neither of which are bind-related:

1. Clients and servers have registered IPv6 addresses via DDNS. They *must* have had IPv6 enabled for this to happen. Either they still do have IPv6 enabled, or they don't and the records haven't been garbage collected.

2. Some clients are making and using AAAA lookups. Again, the clients MUST have an IPv6 address if this is the case.

Basically you have some IPv6 somewhere inside your network. Maybe someone has brought up a tunnel and turned on internet connection sharing - we've had problems with that.

Also, about turning IPv6 off - don't do that. Microsoft test with it turned on, and some windows components expect to be able to talk to themselves locally on IPv6 (I think newer versions of IIS do this for example). Again, we've had problems with apps when server admins have disabled IPv6.

Take a look at one of the clients - I'm fairly sure you'll find they have IPv6 somewhere.

You might need to investigate blocking it internally if someone has leaked it in using connection sharing - see:

http://tools.ietf.org/html/draft-ietf-v6ops-ra-guard-06

HTH
reject or drop AAAA queries
Hi All,

I just want to know if I put listen-aaaa-on-v4 {yes;}; in the options of named.conf, will my DNS drop or reject all queries by IPv4 clients?

Thanks,
Rock July
Re: reject or drop AAAA queries
This is my current setup right now and the reason why I want to reject or drop the queries:

PC Clients: XP, Vista and 7 (Vista and 7 clients are sending both A and AAAA queries) send queries to DNS A.
DNS A: will just forward the query to MyDNS
MyDNS: will query DNS B on behalf of DNS A.
DNS B: hosting the domain name (sample: xxx.test.com)

DNS B is only hosting an A record for xxx.test.com, so when it receives a AAAA query, it responds no such name or NXDOMAIN. This result causes negative caching on MyDNS and name resolution will also fail for other client computers.

I only have control of MyDNS so I am thinking if there is any way that I can reject/drop those queries so it will not query DNS B.

Regards,
Rock

From: Mark Andrews ma...@isc.org
To: Rock July headgea...@yahoo.com
Cc: Bind Users bind-users@lists.isc.org
Sent: Fri, July 23, 2010 6:37:41 AM
Subject: Re: reject or drop AAAA queries

In message 210229.86286...@web120110.mail.ne1.yahoo.com, Rock July writes:
> Hi All,
> I just want to know if I put listen-aaaa-on-v4 {yes;}; in the options of named.conf, will my DNS drop or reject all queries by IPv4 clients?

The option is filter-aaaa-on-v4. Additionally filter-aaaa can be used to only apply the filter to some IPv4 clients.

We also recommend that you fix the underlying condition.

> Thanks,
> Rock July

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org
BIND upgrade Solaris 10 SPARC
Hi All,

I am a newbie in BIND. I want to ask for your help on how to upgrade the BIND version of my DNS. I am using Solaris 10 SPARC and my current BIND version is BIND 9.6.0-P1. I am planning to upgrade to the latest BIND version, BIND 9.7.1-P2.

What are the requirements and procedure for the upgrade? If I plan to revert to my old BIND version, what are the steps?

Thanks and Regards,
Rock