Re: DNS Question

2015-10-29 Thread Marcy Cortes
You can turn off IPv6 on a particular interface with 
net.ipv6.conf.eth0.disable_ipv6 = 1

Or totally by putting 
install ipv6 /bin/true 

in /etc/modprobe.d/50-ipv6.conf


You may have to do that if parts of your network aren't ready for it yet.



-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Michael 
Weiner
Sent: Thursday, October 29, 2015 8:06 AM
To: LINUX-390@VM.MARIST.EDU
Subject: [LINUX-390] DNS Question

Hi all,

I am working on a DNS on SLES 11 SP3 using BIND.

I got the DNS working where I can ping my entries etc. But I am getting the 
following errors which look like IPv6.

172.16.1.182 is my local laptop DHCP address. Any suggestions?

Oct 29 06:28:58 dnsserver named[22031]: network unreachable resolving
'182.1.16.172.in-addr.arpa/PTR/IN': 2001:503:c27::2:30#53
Oct 29 06:28:58 dsnserver named[22031]: network unreachable resolving
'182.1.16.172.in-addr.arpa/PTR/IN': 2001:500:2d::d#53
Oct 29 06:28:58 dsnserver named[22031]: network unreachable resolving
'182.1.16.172.in-addr.arpa/PTR/IN': 2001:503:ba3e::2:30#53
Oct 29 06:28:58 dsnserver named[22031]: network unreachable resolving
'./NS/IN': 2001:503:c27::2:30#53
Oct 29 06:29:01 dsnserver named[22031]: network unreachable resolving
'./NS/IN': 2001:500:2d::d#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving
'./NS/IN': 2001:dc3::35#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving
'./NS/IN': 2001:503:ba3e::2:30#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving
'./NS/IN': 2001:500:3::42#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving
'./NS/IN': 2001:500:2f::f#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving
'./NS/IN': 2001:7fe::53#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving
'182.1.16.172.in-addr.arpa/PTR/IN': 2001:dc3::35#53
Oct 29 06:29:09 dsnserver named[22031]: client 10.100.0.191#38658: query:
182.1.16.172.in-addr.arpa IN PTR +
Oct 29 06:29:22 dsnserver named[22031]: network unreachable resolving
'./NS/IN': 2001:7fd::1#53

--
For LINUX-390 subscribe / signoff / archive access instructions, send email to 
lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit http://wiki.linuxvm.org/


Re: DNS Question

2015-10-29 Thread Rick Troth
On Thu, 2015-10-29 at 11:06 -0400, Michael Weiner wrote:
> I am working on a DNS on SLES 11 SP3 using BIND.
>
> I got the DNS working where I can ping my entries etc. But I am
> getting the following errors which look like IPv6.


Right.
What you cited are attempted queries using IPv6.
The visible difference between IPv4 and IPv6 is the
eight quad hex fields versus four dotted decimal fields.
People sometimes let IPv6 scare them. It shouldn't.

The address looks like IPv6 for "M.ROOT-SERVERS.NET".
Quite legit, but >>> do you have IPv6 routing working? <<<
It's often automagic, but I rarely trust that.
(IPv6 challenges control freaks like me.
You *can* set explicit routing, but "they" don't like it.)

It's very possible that your IP stack thinks it can do IPv6
and BIND is picking up on that and trying, but that your
local network isn't really playing IPv6 yet. So the packets
would just drop into the ether. Bummer.

I run BIND (even build it from source regularly)
but I must confess I don't grok all of its log messages.

If you're getting name resolution, you can ignore the errors.
But I STRONGLY RECOMMEND that you find out if IPv6 is routing.
You will want to use it sooner or later, and a "can ignore it
for the time being" error is neither elegant nor wise.

-- R; <><



DNS Question

2015-10-29 Thread Michael Weiner
Hi all,

I am working on a DNS on SLES 11 SP3 using BIND.

I got the DNS working where I can ping my entries etc. But I am getting the
following errors which look like IPv6.

172.16.1.182 is my local laptop DHCP address. Any suggestions?

Oct 29 06:28:58 dnsserver named[22031]: network unreachable resolving
'182.1.16.172.in-addr.arpa/PTR/IN': 2001:503:c27::2:30#53
Oct 29 06:28:58 dsnserver named[22031]: network unreachable resolving
'182.1.16.172.in-addr.arpa/PTR/IN': 2001:500:2d::d#53
Oct 29 06:28:58 dsnserver named[22031]: network unreachable resolving
'182.1.16.172.in-addr.arpa/PTR/IN': 2001:503:ba3e::2:30#53
Oct 29 06:28:58 dsnserver named[22031]: network unreachable resolving
'./NS/IN': 2001:503:c27::2:30#53
Oct 29 06:29:01 dsnserver named[22031]: network unreachable resolving
'./NS/IN': 2001:500:2d::d#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving
'./NS/IN': 2001:dc3::35#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving
'./NS/IN': 2001:503:ba3e::2:30#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving
'./NS/IN': 2001:500:3::42#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving
'./NS/IN': 2001:500:2f::f#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving
'./NS/IN': 2001:7fe::53#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving
'182.1.16.172.in-addr.arpa/PTR/IN': 2001:dc3::35#53
Oct 29 06:29:09 dsnserver named[22031]: client 10.100.0.191#38658: query:
182.1.16.172.in-addr.arpa IN PTR +
Oct 29 06:29:22 dsnserver named[22031]: network unreachable resolving
'./NS/IN': 2001:7fd::1#53



Re: DNS Question

2015-10-29 Thread Marcy Cortes
It's likely.
We saw that once when some Windows domain controllers started responding with 
IPv6 addresses first.  They would have to time out before the v4 ones.


-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Michael 
Weiner
Sent: Thursday, October 29, 2015 9:31 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: [LINUX-390] DNS Question

thank you. Is that why I am getting delays when I try to connect to the server?


--
Michael Weiner
Systems Admin
Infinity Systems Software, Inc.
One Penn Plaza Suite 2010
New York, NY 10119
o: (646) 405-9300
c: (845) 641-0517



Re: DNS Question

2015-10-29 Thread Mark Post
>>> On 10/29/2015 at 01:36 PM, Michael Weiner  
>>> wrote: 
> Agreed, which I do have that. But, 172. is my local network for my laptop.
> Do I need another zone for local IP's?

Yes.  In /etc/named.conf, you'll need this:
zone "1.16.172.in-addr.arpa" IN {
        type master;
        file "caching-example/named.mkplan";
        allow-update { none; };
};


Replace "caching-example/named.mkplan" with where you have your files and 
whatever name you want to give it.  And in that file you'll have the reverse 
lookup entries for your local network.  Something similar to:
$TTL 86400
@   IN  SOA localhost. root.localhost.  (
            2010111800 ; Serial
            28800      ; Refresh
            14400      ; Retry
            360        ; Expire
            86400 )    ; Minimum
    IN  NS  localhost.
;
10  IN  PTR my10.local.lan.net.
20  IN  PTR my20.local.lan.net.
30  IN  PTR my30.local.lan.net.

Using whatever the real names are that you have in the forward lookup table.


Mark Post
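
Added example, not part of the original post: a Python check that the PTR records in a reverse zone agree with the names in the forward lookup table, reporting missing, mismatched and stale entries. The record lists are constructed sample data in the style of the example zone above, and all function names are assumptions of this sketch.

```python
import ipaddress

# Constructed sample data (names follow the style of the example zone above).
FORWARD_A = [
    ("my10.local.lan.net.", "172.16.1.10"),
    ("my20.local.lan.net.", "172.16.1.20"),
    ("my30.local.lan.net.", "172.16.1.30"),
    ("laptop.local.lan.net.", "172.16.1.182"),   # has an A record, no PTR yet
    ("dns.local.lan.net.", "10.100.0.5"),        # outside this reverse zone
]
REVERSE_PTR = {                                   # owner label -> PTR target
    "10": "my10.local.lan.net.",
    "20": "my20.local.lan.net.",
    "30": "old30.local.lan.net.",                 # disagrees with the A record
    "40": "gone.local.lan.net.",                  # no A record points here
}


def reverse_zone_name(net):
    """in-addr.arpa zone for an IPv4 network on an octet boundary."""
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 IPv4 networks map to one zone")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa"


def owner_label(addr, net):
    """Relative owner name of addr inside the reverse zone for net."""
    host_octets = str(addr).split(".")[net.prefixlen // 8:]
    return ".".join(reversed(host_octets))


def audit_reverse_zone(forward_a, reverse_ptr, cidr):
    """Compare forward A records with the PTR records of one reverse zone."""
    net = ipaddress.ip_network(cidr)
    zone = reverse_zone_name(net)                 # also validates the prefix
    expected = {}                                 # label -> set of valid names
    for fqdn, address in forward_a:
        addr = ipaddress.ip_address(address)
        if addr in net:
            label = owner_label(addr, net)
            expected.setdefault(label, set()).add(fqdn.lower())
    missing = {lbl: sorted(names) for lbl, names in expected.items()
               if lbl not in reverse_ptr}
    mismatched = {lbl: (target, sorted(expected[lbl]))
                  for lbl, target in reverse_ptr.items()
                  if lbl in expected and target.lower() not in expected[lbl]}
    stale = {lbl: target for lbl, target in reverse_ptr.items()
             if lbl not in expected}
    return {"zone": zone, "missing": missing,
            "mismatched": mismatched, "stale": stale}


def ptr_lines(missing):
    """Zone-file lines that would add the missing PTR records."""
    return [f"{label}\tIN\tPTR\t{names[0]}"
            for label, names in sorted(missing.items())]


if __name__ == "__main__":
    result = audit_reverse_zone(FORWARD_A, REVERSE_PTR, "172.16.1.0/24")
    print("zone:", result["zone"])
    for kind in ("missing", "mismatched", "stale"):
        print(kind, result[kind])
    print("\n".join(ptr_lines(result["missing"])))
```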



Re: DNS Question

2015-10-29 Thread Michael Weiner
Wow. The difference in speed is enormous.

Thank you!!!



Re: DNS Question

2015-10-29 Thread Michael Weiner
Thank you. Is that why I am getting delays when I try to connect to the
server?



Re: DNS Question

2015-10-29 Thread Michael Weiner
I added recursion=no;

I added the name of my DNS server to my master IN A and PTR records and the
IPV6 errors are gone.

Do I need a zone for my local network being 172.16.1.*?

Oct 29 08:52:41 dnsserver named[25110]: client 10.100.0.191#50757: query:
182.1.16.172.in-addr.arpa IN PTR +
Oct 29 08:52:41 dnsserver named[25110]: client 10.100.0.191#50757: query
(cache) '182.1.16.172.in-addr.arpa/PTR/IN' denied
Oct 29 08:52:50 dnsserver named[25110]: client 10.100.0.191#43924: query:
182.1.16.172.in-addr.arpa IN PTR +
Oct 29 08:52:50 dnsserver named[25110]: client 10.100.0.191#43924: query
(cache) '182.1.16.172.in-addr.arpa/PTR/IN' denied



Re: DNS Question

2015-10-29 Thread Mark Post
>>> On 10/29/2015 at 01:29 PM, Michael Weiner  
>>> wrote: 
> Do I need a zone for my local network being 172.16.1.*?
> 
> Oct 29 08:52:41 dnsserver named[25110]: client 10.100.0.191#50757: query:
> 182.1.16.172.in-addr.arpa IN PTR +
> Oct 29 08:52:41 dnsserver named[25110]: client 10.100.0.191#50757: query
> (cache) '182.1.16.172.in-addr.arpa/PTR/IN' denied
> Oct 29 08:52:50 dnsserver named[25110]: client 10.100.0.191#43924: query:
> 182.1.16.172.in-addr.arpa IN PTR +
> Oct 29 08:52:50 dnsserver named[25110]: client 10.100.0.191#43924: query
> (cache) '182.1.16.172.in-addr.arpa/PTR/IN' denied

I have always considered missing reverse lookups to be misconfiguration.  If 
you have control over the server, you should have both forward and reverse 
lookups defined.


Mark Post



Re: DNS Question

2015-10-29 Thread Eric Chevalier

On 10/29/15 10:06 AM, Michael Weiner wrote:

> Hi all,
>
> I am working on a DNS on SLES 11 SP3 using BIND.
>
> I got the DNS working where I can ping my entries etc. But I am getting the
> following errors which look like IPv6.
>
> 172.16.1.182 is my local laptop DHCP address. Any suggestions?


It looks like someone (or some process) in your network is trying to do
a reverse-DNS lookup: given an IP address, what's the host name? If you
want those kinds of queries to succeed, have you created the appropriate
zone files in your name server? I think you'll need a zone file that
makes the name server authoritative for the "16.172.in-addr.arpa" domain.
Once you have the zone files, your name server will resolve these
queries itself instead of trying to go to the Internet for an answer.
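
Added example, not part of any post in this thread: a Python triage of the named log lines quoted here, listing the IPv6 upstream servers that were unreachable and the private-range reverse zones whose PTR queries were sent upstream or refused, which are the zones the local server would need to be authoritative for. The sample lines are taken from the thread's log excerpts (each entry joined onto one line); the function names and the /24 zone granularity are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Sample lines taken from the log excerpts in this thread, one entry per line.
SAMPLE_LOG = """\
Oct 29 06:28:58 dnsserver named[22031]: network unreachable resolving '182.1.16.172.in-addr.arpa/PTR/IN': 2001:503:c27::2:30#53
Oct 29 06:29:01 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:500:2d::d#53
Oct 29 06:29:09 dsnserver named[22031]: client 10.100.0.191#38658: query: 182.1.16.172.in-addr.arpa IN PTR +
Oct 29 08:52:41 dnsserver named[25110]: client 10.100.0.191#50757: query (cache) '182.1.16.172.in-addr.arpa/PTR/IN' denied
"""

UNREACHABLE = re.compile(
    r"network unreachable resolving '(?P<name>[^/']+)/(?P<type>\w+)/IN': "
    r"(?P<server>[0-9A-Fa-f:.]+)#\d+")
DENIED = re.compile(
    r"client (?P<client>[0-9A-Fa-f:.]+)#\d+: query \(cache\) "
    r"'(?P<name>[^/']+)/(?P<type>\w+)/IN' denied")
QUERY = re.compile(
    r"client (?P<client>[0-9A-Fa-f:.]+)#\d+: query: (?P<name>\S+) IN (?P<type>\w+)")


def ptr_name_to_ipv4(name):
    """Return the IPv4 address encoded in a full in-addr.arpa name, else None."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None


def reverse_zone_24(addr):
    """Name of the /24 reverse zone covering addr (assumed zone granularity)."""
    o = str(addr).split(".")
    return f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa"


def private_reverse_zone(name):
    """Reverse zone for name if it encodes a private IPv4 address, else None."""
    ip = ptr_name_to_ipv4(name)
    return reverse_zone_24(ip) if ip is not None and ip.is_private else None


def triage(log_text):
    """Summarise named log lines into the conditions discussed in the thread."""
    ipv6_upstreams, leaked, denied, plain = set(), Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = UNREACHABLE.search(line)
        if m:
            try:
                server = ipaddress.ip_address(m["server"])
            except ValueError:
                continue                      # not a parseable address: skip
            if server.version == 6:
                ipv6_upstreams.add(str(server))
            zone = private_reverse_zone(m["name"])
            if zone:                          # internal address asked upstream
                leaked[zone] += 1
            continue
        m = DENIED.search(line)
        if m:
            zone = private_reverse_zone(m["name"])
            if zone:                          # refused: no local zone, no recursion
                denied[zone] += 1
            continue
        if QUERY.search(line):
            plain += 1
    return {"ipv6_unreachable": sorted(ipv6_upstreams),
            "leaked_upstream": dict(leaked),
            "denied": dict(denied),
            "plain_queries": plain}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```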



Re: DNS Question

2015-10-29 Thread Michael Weiner
Agreed, which I do have that. But, 172. is my local network for my laptop.
Do I need another zone for local IP's?



Re: DNS Question

2015-10-29 Thread Rick Troth
Sure, another zone file.
Reverse lookups for local addresses are your responsibility.

Your first note cited M.ROOT-SERVERS.NET (by IPv6 addr).
That server would never be able to resolve 172.n.n.n with a name
that matches your internal network. But if your local BIND owned that
zone it would not have forwarded the request.

I'll expose some of my personal network:
I use 192.168.29.x and have /var/named/master/192.168.29
(no further extension, but some people like to add ".db").
That gets mapped with this stanza in /etc/named.conf ...

zone "29.168.192.in-addr.arpa" in {
type master;
file "master/192.168.29";
};

(Previous global statement 'directory "/var/named";' sets the prefix.)
Take note of the reversal of IPv4 octets for the IN-ADDR.ARPA pseudo
domain.

An example line from the zone file is ...

11  IN  PTR  jeremiah.casita.net.

Thus "192.168.29.11" resolves to "jeremiah.casita.net".
Works.

Reversing is fairly easy, use "PTR" instead of "A" or "".
Am guessing you have a solid handle on the other statements in zone
files, but if you need a hand, just holler.

-- R; <><



