Re: Convice Bind to listen on IP alias with a range of IPs.
On 5/1/12 2:32 PM, "Augie Schwer" wrote: >> Contrary to what a lot of other people have suggested, it is in fact >> possible using the socket API to bind() to IPs which aren't explicitly >> created, due to special handling on the loopback interface. This can >> certainly be done under Linux, for example., and I have just re-confirmed >> that to myself. > > Thank you for confirming for others that this is a real feature. The feature wasn't argued, I even showed it working with 127/8, but rather what BIND will listen-on... >> Unfortunately, it seems likely that named is using the normal socket APIs to >> first enumerate the list of IPs on the box, and then filter those through >> listen-on statements to get the final list of IPs to pass to a bind() socket >> call - this would be a sensible way to implement the CIDR listen >> functionality. >> If so, then if the IP isn't *explicitly* on an interface, it won't appear in >> the final output set, regardless of the fact a bind() call will succeed. > > OK, that makes sense, I have found that the following work-around does work: > > sudo ifconfig lo:1 10.0.0.1 netmask 255.255.255.224 > sudo ifconfig lo:2 10.0.0.2 netmask 255.255.255.255 > > I get the full usable range on my loop-back interface, and Bind will > happily now listen-on the 10.0.0.2 address. Exactly what was answered by multiple people... you need an alias with the IP you want BIND to listen-on! Alas, the English language is such that some times the same thing needs said several different ways to be fully understood. Glad you got it working. -- For men use, if they have an evil turn, to write it in marble: and whoso doth us a good turn we write it in dust. -- Sir Thomas More ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
On Tue, May 1, 2012 at 2:00 AM, Phil Mayers wrote: > Which operating system are you running? Linux, I'm sorry I did not mention that earlier as it may have saved some confusion. > Contrary to what a lot of other people have suggested, it is in fact > possible using the socket API to bind() to IPs which aren't explicitly > created, due to special handling on the loopback interface. This can > certainly be done under Linux, for example., and I have just re-confirmed > that to myself. Thank you for confirming for others that this is a real feature. > Unfortunately, it seems likely that named is using the normal socket APIs to > first enumerate the list of IPs on the box, and then filter those through > listen-on statements to get the final list of IPs to pass to a bind() socket > call - this would be a sensible way to implement the CIDR listen > functionality. > If so, then if the IP isn't *explicitly* on an interface, it won't appear in > the final output set, regardless of the fact a bind() call will succeed. OK, that makes sense, I have found that the following work-around does work: sudo ifconfig lo:1 10.0.0.1 netmask 255.255.255.224 sudo ifconfig lo:2 10.0.0.2 netmask 255.255.255.255 I get the full usable range on my loop-back interface, and Bind will happily now listen-on the 10.0.0.2 address. -- Augie Schwer - au...@schwer.us - http://schwer.us ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
In article , Larry Brower wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 04/30/2012 07:13 PM, Augie Schwer wrote: > > Thanks for the reply, please see my previous e-mail about the address > > being perfectly pingable on that interface. > > > > Whats that have to do with anything? It being pingable only means > something is responding for it. This does NOT mean it is on THAT > specific server. If it is not on THAT server then bind cant use it. It's the loopback network. What other server could it be? As others pointed out, this is apparently a Linux extension to the loopback interface -- giving it a wider subnet mask automatically aliases the other addresses in the range. But this is done in a way that BIND can't take advantage of through the normal socket calls. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
On 05/01/2012 10:00 AM, Phil Mayers wrote: So you might be being a bit too clever, and foxing the named socket code I'm afraid. That should of course be "the named socket code is foxing you". Sigh. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
On 04/30/2012 10:56 PM, Augie Schwer wrote: I must be doing something wrong, because what I want to do doesn't seem that difficult. I have a range of IPs bound to a local interface: lo:1 Link encap:Local Loopback inet addr:10.0.0.1 Mask:255.255.255.224 And I want to convince Bind to listen on sub-set of the given range ( 10.0.0.2 for example ), yet when I configure that IP: Which operating system are you running? Contrary to what a lot of other people have suggested, it is in fact possible using the socket API to bind() to IPs which aren't explicitly created, due to special handling on the loopback interface. This can certainly be done under Linux, for example., and I have just re-confirmed that to myself. I assume, because of the phrasing of your question, that your OS does indeed have this feature, and you've tested it working with other applications (even if as simple as netcat)? Unfortunately, it seems likely that named is using the normal socket APIs to first enumerate the list of IPs on the box, and then filter those through listen-on statements to get the final list of IPs to pass to a bind() socket call - this would be a sensible way to implement the CIDR listen functionality. If so, then if the IP isn't *explicitly* on an interface, it won't appear in the final output set, regardless of the fact a bind() call will succeed. So you might be being a bit too clever, and foxing the named socket code I'm afraid. Cheers, Phil ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
On 4/30/12 10:17 PM, "Mark Andrews" wrote: > The fact that you can ping them just means that you have a kernel > bug. Yeah, the bug is using Linux. ;-) -- Don't worry about avoiding temptation -- as you grow older, it starts avoiding you. -- The Old Farmer's Almanac ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
In message , michoski writes: > On 4/30/12 4:14 PM, "Augie Schwer" wrote: > > I think you've all missed the netmask there, 10.0.0.2 is in that range. > > > > augie@augnix:~$ sudo ifconfig lo:1 10.0.0.1 netmask 255.255.255.224 > > > > augie@augnix:~$ ifconfig lo:1 > > lo:1 Link encap:Local Loopback > > inet addr:10.0.0.1 Mask:255.255.255.224 > > > > augie@augnix:~$ ping 10.0.0.2 -c 1 > > PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. > > 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.027 ms > > > > --- 10.0.0.2 ping statistics --- > > 1 packets transmitted, 1 received, 0% packet loss, time 0ms > > > > Given all that, can anyone suggest a reason why Bind won't listen on > > that address? > > No, we all saw the netmask. > > A few tried to point out the answer...you first need to get the desired > aliases UP on the system for BIND to listen-on. > > For example, loopback is 127/8 so I can ping all those addresses: > > OPS:507 r...@dev-ops-test11.vega:mhoskins# ifconfig lo > loLink encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > inet6 addr: ::1/128 Scope:Host > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:32 errors:0 dropped:0 overruns:0 frame:0 > TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:8148 (7.9 KiB) TX bytes:8148 (7.9 KiB) > > OPS:508 r...@dev-ops-test11.vega:mhoskins# ping 127.0.0.2 > PING 127.0.0.2 (127.0.0.2) 56(84) bytes of data. > 64 bytes from 127.0.0.2: icmp_seq=1 ttl=64 time=0.012 ms > > --- 127.0.0.2 ping statistics --- > 1 packets transmitted, 1 received, 0% packet loss, time 0ms > rtt min/avg/max/mdev = 0.012/0.012/0.012/0.000 ms > > OPS:509 r...@dev-ops-test11.vega:mhoskins# ping 127.0.0.3 > PING 127.0.0.3 (127.0.0.3) 56(84) bytes of data. > 64 bytes from 127.0.0.3: icmp_seq=1 ttl=64 time=0.011 ms > > --- 127.0.0.3 ping statistics --- > 1 packets transmitted, 1 received, 0% packet loss, time 0ms > rtt min/avg/max/mdev = 0.011/0.011/0.011/0.000 ms The fact that you can ping them just means that you have a kernel bug. % ifconfig lo0 lo0: flags=8049 mtu 16384 options=3 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet 10.53.0.1 netmask 0x inet6 fd92:7065:b8e:::1 prefixlen 64 inet 10.53.0.2 netmask 0x inet6 fd92:7065:b8e:::2 prefixlen 64 inet 10.53.0.3 netmask 0x inet6 fd92:7065:b8e:::3 prefixlen 64 inet 10.53.0.4 netmask 0x inet6 fd92:7065:b8e:::4 prefixlen 64 inet 10.53.0.5 netmask 0x inet6 fd92:7065:b8e:::5 prefixlen 64 inet 10.53.0.6 netmask 0x inet6 fd92:7065:b8e:::6 prefixlen 64 inet 10.53.0.7 netmask 0x inet6 fd92:7065:b8e:::7 prefixlen 64 inet 10.53.0.50 netmask 0x inet 10.53.0.60 netmask 0x inet 10.53.0.70 netmask 0x inet 10.53.0.80 netmask 0x inet 10.53.0.90 netmask 0x inet 10.53.0.100 netmask 0x inet 10.53.0.110 netmask 0x inet 10.53.0.120 netmask 0x inet 10.53.0.130 netmask 0x inet 10.53.0.140 netmask 0x inet 10.53.0.150 netmask 0x inet 10.53.0.160 netmask 0x inet 10.53.0.170 netmask 0x % ping 127.0.0.45 PING 127.0.0.45 (127.0.0.45): 56 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1 Request timeout for icmp_seq 2 ^C --- 127.0.0.45 ping statistics --- 4 packets transmitted, 0 packets received, 100.0% packet loss % > However, I can't bind daemons to 127.0.0.2, etc. until I configure lo:0, > etc. aliases for those addresses! If your ifconfig output doesn't show the > IP you want to listen-on, it won't work. This is how it's been as long as > I've been alive. > > If this is hard to believe, try adding a 10.0.0.2 (or whatever) loopback > alias with a netmask of 255.255.255.255 (the correct netmask for aliases) > and see how BIND behaves. > > -- > By nature, men are nearly alike; > by practice, they get to be wide apart. > -- Confucius > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-user
Re: Convice Bind to listen on IP alias with a range of IPs.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 04/30/2012 07:13 PM, Augie Schwer wrote: > Thanks for the reply, please see my previous e-mail about the address > being perfectly pingable on that interface. > Whats that have to do with anything? It being pingable only means something is responding for it. This does NOT mean it is on THAT specific server. If it is not on THAT server then bind cant use it. This isn't rocket science :) - -- Larry Brower, CCNA Linux System Administrator II HostGator.com LLC lbro...@hostgator.com Http://www.hostgator.com Http://support.hostgator.com/ -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJPn15TAAoJEF1Xw4ZWTEoJlK0P/0wCGKtzfFr7jCrxq2YQlZbj 2DBwCO9gjZWHnHr35DQ/iYz7U+gU9rzKvXMdDWNKsr8zXoqiyMgt0N1Yp+llHQdj zgGOIlEuqIcL77hGBNQ7zlrutfiPaUuIG/vZe8mLX31M8yDOG2fa38cGtSNKILZL aSejkv5u+4QfRBhWGqtWtcUwslWdBc3TLoxKoI2YidPALjtkGXsPF/qYoke80b+Y 0YPxZ/lyS85KovK9ZgG3dCXl35r0hyLTbHBeD9JTUw6g28CKPq8HX5nKdo1hTYQv +Wdb5cIQGIovVF1QZcXkdGWnhIh9AkGXQ3J4RasCUPi6TuKTlWNhlQjYiYWAl5BB WmvPGSm3gczEJS2VGkTeJbDMKSfmNzRruzObBbVBhUr4rp/xCuJITfltne5PEmaJ 3acBm1fHi1SGifueJeK9LdFPDW27Xog2+1FDbdJFrTGO1qjwGfrEyJ9FFtk9ve2U FZWvyOdomoKapAtI4sxbKG54LTmgAazXflRa4CowEA8EhykX2qGgFhv3rKy3Y9Gf hXnNlVJUIOif9kotAem50MsgTLmMpHkOOcb6ADNDMZ91hxRvJrZ/Eb7E4UtU/g+S UDlb28WT5Cu8okrhqS1uiVjvl4dhnr0ZIz6AZMgMgKTOUw0vihvDgIZ6Ve6Ws+HB PLdxKpjwi6pt6RvHk+al =+qgi -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
On 4/30/12 4:14 PM, "Augie Schwer" wrote: > I think you've all missed the netmask there, 10.0.0.2 is in that range. > > augie@augnix:~$ sudo ifconfig lo:1 10.0.0.1 netmask 255.255.255.224 > > augie@augnix:~$ ifconfig lo:1 > lo:1 Link encap:Local Loopback > inet addr:10.0.0.1 Mask:255.255.255.224 > > augie@augnix:~$ ping 10.0.0.2 -c 1 > PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. > 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.027 ms > > --- 10.0.0.2 ping statistics --- > 1 packets transmitted, 1 received, 0% packet loss, time 0ms > > Given all that, can anyone suggest a reason why Bind won't listen on > that address? No, we all saw the netmask. A few tried to point out the answer...you first need to get the desired aliases UP on the system for BIND to listen-on. For example, loopback is 127/8 so I can ping all those addresses: OPS:507 r...@dev-ops-test11.vega:mhoskins# ifconfig lo loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:32 errors:0 dropped:0 overruns:0 frame:0 TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:8148 (7.9 KiB) TX bytes:8148 (7.9 KiB) OPS:508 r...@dev-ops-test11.vega:mhoskins# ping 127.0.0.2 PING 127.0.0.2 (127.0.0.2) 56(84) bytes of data. 64 bytes from 127.0.0.2: icmp_seq=1 ttl=64 time=0.012 ms --- 127.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.012/0.012/0.012/0.000 ms OPS:509 r...@dev-ops-test11.vega:mhoskins# ping 127.0.0.3 PING 127.0.0.3 (127.0.0.3) 56(84) bytes of data. 64 bytes from 127.0.0.3: icmp_seq=1 ttl=64 time=0.011 ms --- 127.0.0.3 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.011/0.011/0.011/0.000 ms However, I can't bind daemons to 127.0.0.2, etc. until I configure lo:0, etc. aliases for those addresses! If your ifconfig output doesn't show the IP you want to listen-on, it won't work. This is how it's been as long as I've been alive. If this is hard to believe, try adding a 10.0.0.2 (or whatever) loopback alias with a netmask of 255.255.255.255 (the correct netmask for aliases) and see how BIND behaves. -- By nature, men are nearly alike; by practice, they get to be wide apart. -- Confucius ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 04/30/2012 06:14 PM, Augie Schwer wrote: > I think you've all missed the netmask there, 10.0.0.2 is in that range. > > augie@augnix:~$ sudo ifconfig lo:1 10.0.0.1 netmask 255.255.255.224 > > augie@augnix:~$ ifconfig lo:1 > lo:1 Link encap:Local Loopback > inet addr:10.0.0.1 Mask:255.255.255.224 > This is only showing the IP 10.0.0.1/27 which is a single IP on the box. You dont get a range of IP's by using a specific mask on the interface. > augie@augnix:~$ ping 10.0.0.2 -c 1 > PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. > 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.027 ms > > --- 10.0.0.2 ping statistics --- > 1 packets transmitted, 1 received, 0% packet loss, time 0ms > You have 10.0.0.2 bound to a system somewhere which is nice but has nothing to do with lo:1 > Given all that, can anyone suggest a reason why Bind won't listen on > that address? Because you are doing it wrong. You need to actually have the IP bound to an interface on the server for it to work. - -- Larry Brower, CCNA Linux System Administrator II HostGator.com LLC lbro...@hostgator.com Http://www.hostgator.com Http://support.hostgator.com/ -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJPn0vfAAoJEF1Xw4ZWTEoJsKoQAK6OfTyORlqJnRYTdKFIQJue Jsh4ZgQlqGGNU7gqlqEbKWsJ7nn7rawWxZMM/XGoW7FBIjgZaO9fComu4kNS5iEi oxal2B9ruKaIc2lG/ZoJzXkfpSmoEsXQ6DOUFlXwkyrPySdZ9qSLs61GVZL/OCUq h42xlLQL8qF4pkrYUVwElclEs6vcRQY52DiPUuDz6hjtdOflTytpD9gkpXfPEgje SHFM+Lgdi82fLfBwtJkqCkztQ17+XQR1P3Xg4XK4B1TNyilCZO4UKs+7NpBVLHA7 iLySYWQokz+ZLhRrELkDWekGbF8fvSOug3ObsdqRseLTdevqkyNYEPw70DHzR8a1 /HxFIyknxTFsY/37W4BuT02h8+hNGOJUN2VWEc3E78Cf2Qdip2oUrleLppy8+g1J d7j/FH8KB7S2e/zJV/jMwT3DykUWzZEG5H/rVVxl3mwlp54+Od71pxh6WBHQU5I1 P14joF/9qKpO4ghwlDIbZ9OoYxAP78IQm6qbx1syty2HOHy2Rs0qlgflIvydjE1f LSLJWezdmwPtgC/onD6X++JP3+vTW1TGC4agSx6oxasaJqjuZrWm9vJ9dmca2pR/ CPdDSMavRynySCHRKoGiO34ZgzGDAmu+UoU2H00NMJH7Z54eIzBAyHURPO+tJ3KD LG/KR7ew2ayX36i5lcNk =UzLF -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
On 4/30/2012 7:14 PM, Augie Schwer wrote: > I think you've all missed the netmask there, 10.0.0.2 is in that range. > > augie@augnix:~$ sudo ifconfig lo:1 10.0.0.1 netmask 255.255.255.224 Netmask says what addresses are REACHABLE on that interface, not the addresses assigned to that interface. AlanC -- a...@clegg.com | acl...@infoblox.com 1.919.355.8851 signature.asc Description: OpenPGP digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
Thanks for the reply, please see my previous e-mail about the address being perfectly pingable on that interface. We run PowerDNS and Unbound with a similar interface configuration without a problem, I'm sure Bind can too, I just need to know what the special config. option I'm missing is. Any help is appreciated, thank you. :) --Augie On Mon, Apr 30, 2012 at 4:36 PM, michoski wrote: > On 4/30/12 2:56 PM, "Augie Schwer" wrote: >> I must be doing something wrong, because what I want to do doesn't >> seem that difficult. >> >> I have a range of IPs bound to a local interface: >> >> lo:1 Link encap:Local Loopback >> inet addr:10.0.0.1 Mask:255.255.255.224 > > This isn't a /27 CIDR range, it's one IP alias with the wrong netmask. :-) > > IP aliases should generally have a 255.255.255.255 netmask, and you'd need > to configure aliases (ifcfg-lo:0, ifcfg-lo:1, etc.) for each IP in the range > you want to listen-on. > >> And I want to convince Bind to listen on sub-set of the given range ( >> 10.0.0.2 for example ), yet when I configure that IP: >> >> listen-on { 10.0.0.2; }; >> >> Bind won't listen on that interface: > > Yes, indeed, only 10.0.0.1 is up according to your ifconfig output. Once > you've fixed that, you should be able to use an IP range in your listen-on > statement as needed, for example: > > listen-on { !10.0.0.1; 10.0.0/24; }; > > The BIND ARM shows you listen-on's full syntax: > > http://ftp.isc.org/isc/bind9/cur/9.7/doc/arm/Bv9ARM.html > > Good luck. > > -- > Men use thought only to justify their wrong doings, > and speech only to conceal their thoughts. > -- Voltaire > -- Augie Schwer - au...@schwer.us - http://schwer.us ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
On 4/30/12 2:56 PM, "Augie Schwer" wrote: > I must be doing something wrong, because what I want to do doesn't > seem that difficult. > > I have a range of IPs bound to a local interface: > > lo:1 Link encap:Local Loopback > inet addr:10.0.0.1 Mask:255.255.255.224 This isn't a /27 CIDR range, it's one IP alias with the wrong netmask. :-) IP aliases should generally have a 255.255.255.255 netmask, and you'd need to configure aliases (ifcfg-lo:0, ifcfg-lo:1, etc.) for each IP in the range you want to listen-on. > And I want to convince Bind to listen on sub-set of the given range ( > 10.0.0.2 for example ), yet when I configure that IP: > > listen-on { 10.0.0.2; }; > > Bind won't listen on that interface: Yes, indeed, only 10.0.0.1 is up according to your ifconfig output. Once you've fixed that, you should be able to use an IP range in your listen-on statement as needed, for example: listen-on { !10.0.0.1; 10.0.0/24; }; The BIND ARM shows you listen-on's full syntax: http://ftp.isc.org/isc/bind9/cur/9.7/doc/arm/Bv9ARM.html Good luck. -- Men use thought only to justify their wrong doings, and speech only to conceal their thoughts. -- Voltaire ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 04/30/2012 04:56 PM, Augie Schwer wrote: > I must be doing something wrong, because what I want to do doesn't > seem that difficult. > > I have a range of IPs bound to a local interface: > > lo:1 Link encap:Local Loopback > inet addr:10.0.0.1 Mask:255.255.255.224 > > And I want to convince Bind to listen on sub-set of the given range ( > 10.0.0.2 for example ), yet when I configure that IP: > > listen-on { 10.0.0.2; }; > > Bind won't listen on that interface: > > "named[15035]: not listening on any interfaces" > is 10.0.0.2 bound to the server? can you show the ip address or ifconfig output ? - -- Larry Brower, CCNA Fedora Ambassador - North America Fedora Quality Assurance lbro...@fedoraproject.org http://www.fedoraproject.org/ -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJPnyJPAAoJEF1Xw4ZWTEoJzecP/j6745eQs5TWT8+9p4k7L92p UF5pM65GSynCmh2KZk0VGLYuYCJNWGywsQU6S3CnsNAWE+a9TaL3I7ViKIrpRjId 0pp/4P4o8Jxi8/fkgG+wXnceOHsSklCKTV883ppKCwl1RJJfncNJQN1+p/bUhBgA 53rMNk0pzr6wAllS3LcqrbGoe3hBJj5hbI/snqw67zjvU4PsfgBi+SjYI0+j9paN edv2VhmN3qQvpJyQW2lMEVwxOLNAa4coClRYaqiOCz35Tg+ZykBVMU5W2jaByS6e qb2KX+Q+eOd6S6IQDT8C122yeHv9nik4Pl1LB6Om3hUEhoAr56BCSWbmPkIy72uC LtQkqWhtqU4706Bzq2Yf5SFpAJQI63ef1Bypm2N91gRhggFBkCcSWnzDXig/cVh+ XGDcXGzSnRCrpHz1uiKNO6rSmDPmd/eugTMGHNa/VTbqepIwIUhu1lLP9AswHWSa 3C3oqncA3CJO6+STryYtyLMtSx6BMtMgaDBJoDCJ1TZ9zAa9nFQlF1hybhsMstEP sgttF17hbgksoOXc0L7Lj1OMTvoClKwosfaEpzyfPJNwZhthG8a37SdNswf/PifF dHlxUniVLOyg4uj6jplzkD2GLFd5ZMwg74fISORh6guOQjNext+Vs/pZt5IvGmie Wi++mDbkUPhq6/9ZwGec =G6Ta -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
I think you've all missed the netmask there, 10.0.0.2 is in that range. augie@augnix:~$ sudo ifconfig lo:1 10.0.0.1 netmask 255.255.255.224 augie@augnix:~$ ifconfig lo:1 lo:1 Link encap:Local Loopback inet addr:10.0.0.1 Mask:255.255.255.224 augie@augnix:~$ ping 10.0.0.2 -c 1 PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.027 ms --- 10.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms Given all that, can anyone suggest a reason why Bind won't listen on that address? -- Augie Schwer - au...@schwer.us - http://schwer.us ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
On 30/04/2012 23:56, Augie Schwer wrote: > I must be doing something wrong, because what I want to do doesn't > seem that difficult. > > I have a range of IPs bound to a local interface: > > lo:1 Link encap:Local Loopback > inet addr:10.0.0.1 Mask:255.255.255.224 This means you've got 10.0.0.1 on the interface lo:1. You don't have 10.0.0.2 configured yet. You need to create extra virtual interfaces called lo:2, lo:3 and so on, and give them addresses 10.0.0.2 and 10.0.0.3 and so on. > And I want to convince Bind to listen on sub-set of the given range ( > 10.0.0.2 for example ), yet when I configure that IP: > > listen-on { 10.0.0.2; }; > > Bind won't listen on that interface: > > "named[15035]: not listening on any interfaces" That's right, because 10.0.0.2 is not yet configured. -- Anand Buddhdev RIPE NCC ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
Augie Schwer wrote: > > I have a range of IPs bound to a local interface: > > lo:1 Link encap:Local Loopback > inet addr:10.0.0.1 Mask:255.255.255.224 > > And I want to convince Bind to listen on sub-set of the given range ( > 10.0.0.2 for example ) You can't do that without hacking the network stack, as far as I know. See for instance this rather old FreeBSD patch. Note that even this doesn't quite do what you want since it doesn't allow you to bind to a subset of a CIDR range configured on an interface. http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/12071 Tony. -- f.anthony.n.finchhttp://dotat.at/ Fisher, German Bight: North or northeast 3 or 4, occasionally 5. Slight or moderate. Fair. Moderate or good. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Convice Bind to listen on IP alias with a range of IPs.
On Mon, 30 Apr 2012, Augie Schwer wrote: > I must be doing something wrong, because what I want to do doesn't > seem that difficult. > > I have a range of IPs bound to a local interface: > > lo:1 Link encap:Local Loopback > inet addr:10.0.0.1 Mask:255.255.255.224 > > And I want to convince Bind to listen on sub-set of the given range ( > 10.0.0.2 for example ), yet when I configure that IP: > > listen-on { 10.0.0.2; }; > > Bind won't listen on that interface: > > "named[15035]: not listening on any interfaces" > > Bind has no problem listening on 10.0.0.1 however, so there must be > some configuration option I am missing. > > Any help is appreciated. > > augie@augnix:~$ named -v > BIND 9.7.0-P1 Your interface output above doesn't show the other IP. Maybe you need to run something like: ifconfig lo:1 10.0.0.2 up ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users