Re: DNS Question
You can turn off IPv6 on a particular interface with

    net.ipv6.conf.eth0.disable_ipv6 = 1

Or totally by putting

    install ipv6 /bin/true

in /etc/modprobe.d/50-ipv6.conf

You may have to do that if parts of your network aren't ready for it yet.

-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Michael Weiner
Sent: Thursday, October 29, 2015 8:06 AM
To: LINUX-390@VM.MARIST.EDU
Subject: [LINUX-390] DNS Question

Hi all,

I am working on a DNS on SLES 11 SP3 using BIND.

I got the DNS working where I can ping my entries etc. But I am getting the following errors which look like IPv6.

172.16.1.182 is my local laptop DHCP address. Any suggestions?

Oct 29 06:28:58 dnsserver named[22031]: network unreachable resolving '182.1.16.172.in-addr.arpa/PTR/IN': 2001:503:c27::2:30#53
Oct 29 06:28:58 dsnserver named[22031]: network unreachable resolving '182.1.16.172.in-addr.arpa/PTR/IN': 2001:500:2d::d#53
Oct 29 06:28:58 dsnserver named[22031]: network unreachable resolving '182.1.16.172.in-addr.arpa/PTR/IN': 2001:503:ba3e::2:30#53
Oct 29 06:28:58 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
Oct 29 06:29:01 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:500:2d::d#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:dc3::35#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:500:3::42#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:500:2f::f#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:7fe::53#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving '182.1.16.172.in-addr.arpa/PTR/IN': 2001:dc3::35#53
Oct 29 06:29:09 dsnserver named[22031]: client 10.100.0.191#38658: query: 182.1.16.172.in-addr.arpa IN PTR +
Oct 29 06:29:22 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:7fd::1#53

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
Re: DNS Question
On Thu, 2015-10-29 at 11:06 -0400, Michael Weiner wrote:
> I am working on a DNS on SLES 11 SP3 using BIND.
>
> I got the DNS working where I can ping my entries etc. But I am
> getting the following errors which look like IPv6.

Right. What you cited are attempted queries using IPv6. The visible difference between IPv4 and IPv6 is the eight quad hex fields versus four dotted decimal fields. People sometimes let IPv6 scare them. It shouldn't.

The address looks like IPv6 for "M.ROOT-SERVERS.NET". Quite legit, but >>> do you have IPv6 routing working? <<< It's often automagic, but I rarely trust that. (IPv6 challenges control freaks like me. You *can* set explicit routing, but "they" don't like it.)

It's very possible that your IP stack thinks it can do IPv6 and BIND is picking up on that and trying, but that your local network isn't really playing IPv6 yet. So the packets would just drop into the ether. Bummer.

I run BIND (even build it from source regularly) but I must confess I don't grok all of its log messages. If you're getting name resolution, you can ignore the errors. But I STRONGLY RECOMMEND that you find out if IPv6 is routing. You will want to use it sooner or later, and a "can ignore it for the time being" error is not elegant nor wise.

-- R; <><
DNS Question
Hi all,

I am working on a DNS on SLES 11 SP3 using BIND.

I got the DNS working where I can ping my entries etc. But I am getting the following errors which look like IPv6.

172.16.1.182 is my local laptop DHCP address. Any suggestions?

Oct 29 06:28:58 dnsserver named[22031]: network unreachable resolving '182.1.16.172.in-addr.arpa/PTR/IN': 2001:503:c27::2:30#53
Oct 29 06:28:58 dsnserver named[22031]: network unreachable resolving '182.1.16.172.in-addr.arpa/PTR/IN': 2001:500:2d::d#53
Oct 29 06:28:58 dsnserver named[22031]: network unreachable resolving '182.1.16.172.in-addr.arpa/PTR/IN': 2001:503:ba3e::2:30#53
Oct 29 06:28:58 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
Oct 29 06:29:01 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:500:2d::d#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:dc3::35#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:500:3::42#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:500:2f::f#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:7fe::53#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving '182.1.16.172.in-addr.arpa/PTR/IN': 2001:dc3::35#53
Oct 29 06:29:09 dsnserver named[22031]: client 10.100.0.191#38658: query: 182.1.16.172.in-addr.arpa IN PTR +
Oct 29 06:29:22 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:7fd::1#53
Re: DNS Question
It's likely.
We saw that once when some Windows domain controllers started responding with IPv6 addresses first. They would have to time out before the v4 ones.

-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Michael Weiner
Sent: Thursday, October 29, 2015 9:31 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: [LINUX-390] DNS Question

Thank you. Is that why I am getting delays when I try to connect to the server?

--
Michael Weiner
Systems Admin
Infinity Systems Software, Inc.
One Penn Plaza Suite 2010
New York, NY 10119
o: (646) 405-9300
c: (845) 641-0517
Re: DNS Question
>>> On 10/29/2015 at 01:36 PM, Michael Weiner wrote:
> Agreed, which I do have that. But, 172. is my local network for my laptop.
> Do I need another zone for local IPs?

Yes. In /etc/named.conf, you'll need this:

zone "1.16.172.in-addr.arpa" IN {
        type master;
        file "caching-example/named.mkplan";
        allow-update { none; };
};

Replace "caching-example/named.mkplan" with where you have your files and whatever name you want to give it. And in that file you'll have the reverse lookup entries for your local network. Something similar to:

$TTL 86400
@       IN      SOA     localhost. root.localhost. (
                        2010111800 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        360        ; Expire
                        86400 )    ; Minimum
        IN      NS      localhost.
;
10      IN      PTR     my10.local.lan.net.
20      IN      PTR     my20.local.lan.net.
30      IN      PTR     my30.local.lan.net.

Using whatever the real names are that you have in the forward lookup table.

Mark Post
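Added example, not part of Mark Post's message: a Python sketch that derives the PTR entries for each /24 reverse zone from a forward table and reports where forward and reverse data disagree, which is the gap the message above asks you to close. The addresses, the stale and orphan PTR entries and the gw host name are constructed; my10/my20/my30 are the placeholder names from the zone file above.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data. Host names reuse the placeholders from the zone
# file above; the addresses and the stale/orphan PTR entries are assumptions.
FORWARD = {
    "my10.local.lan.net.": "172.16.1.10",
    "my20.local.lan.net.": "172.16.1.20",
    "MY30.local.lan.net": "172.16.1.30",    # case and missing dot get normalised
    "gw.local.lan.net.": "172.16.2.1",      # lands in a second /24 reverse zone
}
EXISTING_PTR = {
    "172.16.1.10": "my10.local.lan.net.",
    "172.16.1.20": "old20.local.lan.net.",  # stale: forward table says my20
    "172.16.1.99": "gone.local.lan.net.",   # orphan: no A record at all
}


def fqdn(name):
    """Normalise a host name to lower case with exactly one trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def reverse_zones(forward):
    """Group forward A records into /24 reverse zones.

    Returns {zone_name: [(last_octet, fqdn), ...]} sorted by last octet.
    """
    zones = defaultdict(list)
    for name, addr in forward.items():
        pointer = ipaddress.IPv4Address(addr).reverse_pointer
        host, zone = pointer.split(".", 1)  # '10', '1.16.172.in-addr.arpa'
        zones[zone].append((int(host), fqdn(name)))
    return {zone: sorted(records) for zone, records in sorted(zones.items())}


def ptr_records(records):
    """Render PTR lines in the layout used by the zone file above."""
    return "\n".join(f"{host}\tIN\tPTR\t{name}" for host, name in records)


def audit(forward, existing_ptr):
    """Compare forward and reverse data; return findings sorted by address."""
    names_by_ip = defaultdict(set)
    for name, addr in forward.items():
        names_by_ip[ipaddress.IPv4Address(addr)].add(fqdn(name))
    ptr_by_ip = {ipaddress.IPv4Address(a): fqdn(n)
                 for a, n in existing_ptr.items()}

    findings = []
    for ip in sorted(set(names_by_ip) | set(ptr_by_ip)):
        names = names_by_ip.get(ip, set())
        ptr = ptr_by_ip.get(ip)
        if ptr is None:
            findings.append((str(ip), "missing PTR", sorted(names)[0]))
        elif not names:
            findings.append((str(ip), "PTR without A record", ptr))
        elif ptr not in names:
            findings.append((str(ip), "PTR does not match A record", ptr))
    return findings


if __name__ == "__main__":
    for zone, records in reverse_zones(FORWARD).items():
        print(f"; zone {zone}\n{ptr_records(records)}\n")
    for finding in audit(FORWARD, EXISTING_PTR):
        print(*finding, sep="  ")
```
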
Re: DNS Question
Wow. The difference in speed is enormous. Thank you!!!

On Thu, Oct 29, 2015 at 1:54 PM, Rick Troth wrote:

> Sure, another zone file.
> Reverse lookups for local addresses are your responsibility.
>
> Your first note cited M.ROOT-SERVERS.NET (by IPv6 addr).
> That server would never be able to resolve 172.n.n.n with a name
> that matches your internal network. But if your local BIND owned that
> zone it would not have forwarded the request.
>
> I'll expose some of my personal network:
> I use 192.168.29.x and have /var/named/master/192.168.29
> (no further extension, but some people like to add ".db").
> That gets mapped with this stanza in /etc/named.conf ...
>
> zone "29.168.192.in-addr.arpa" in {
>         type master;
>         file "master/192.168.29";
> };
>
> (Previous global statement 'directory "/var/named";' sets the prefix.)
> Take note of the reversal of IPv4 octets for the IN-ADDR.ARPA pseudo
> domain.
>
> An example line from the zone file is ...
>
> 11      IN      PTR     jeremiah.casita.net.
>
> Thus "192.168.29.11" resolves to "jeremiah.casita.net".
> Works.
>
> Reversing is fairly easy, use "PTR" instead of "A" or "".
> Am guessing you have a solid handle on the other statements in zone
> files, but if you need a hand, just holler.
>
> -- R; <><

--
Michael Weiner
Systems Admin
Infinity Systems Software, Inc.
One Penn Plaza Suite 2010
New York, NY 10119
o: (646) 405-9300
c: (845) 641-0517
Re: DNS Question
Thank you. Is that why I am getting delays when I try to connect to the server?

On Thu, Oct 29, 2015 at 12:06 PM, Marcy Cortes <marcy.d.cor...@wellsfargo.com> wrote:

> You can turn off IPv6 on a particular interface with
> net.ipv6.conf.eth0.disable_ipv6 = 1
>
> Or totally by putting
> install ipv6 /bin/true
>
> in /etc/modprobe.d/50-ipv6.conf
>
> You may have to do that if parts of your network aren't ready for it yet.

--
Michael Weiner
Systems Admin
Infinity Systems Software, Inc.
One Penn Plaza Suite 2010
New York, NY 10119
o: (646) 405-9300
c: (845) 641-0517
Re: DNS Question
I added recursion=no; I added the name of my DNS server to my master IN A and PTR records and the IPv6 errors are gone.

Do I need a zone for my local network being 172.16.1.*?

Oct 29 08:52:41 dnsserver named[25110]: client 10.100.0.191#50757: query: 182.1.16.172.in-addr.arpa IN PTR +
Oct 29 08:52:41 dnsserver named[25110]: client 10.100.0.191#50757: query (cache) '182.1.16.172.in-addr.arpa/PTR/IN' denied
Oct 29 08:52:50 dnsserver named[25110]: client 10.100.0.191#43924: query: 182.1.16.172.in-addr.arpa IN PTR +
Oct 29 08:52:50 dnsserver named[25110]: client 10.100.0.191#43924: query (cache) '182.1.16.172.in-addr.arpa/PTR/IN' denied

On Thu, Oct 29, 2015 at 12:36 PM, Marcy Cortes <marcy.d.cor...@wellsfargo.com> wrote:

> It's likely.
> We saw that once when some Windows domain controllers started responding
> with IPv6 addresses first. They would have to time out before the v4 ones.

--
Michael Weiner
Systems Admin
Infinity Systems Software, Inc.
One Penn Plaza Suite 2010
New York, NY 10119
o: (646) 405-9300
c: (845) 641-0517
Re: DNS Question
>>> On 10/29/2015 at 01:29 PM, Michael Weiner wrote:
> Do I need a zone for my local network being 172.16.1.*?
>
> Oct 29 08:52:41 dnsserver named[25110]: client 10.100.0.191#50757: query: 182.1.16.172.in-addr.arpa IN PTR +
> Oct 29 08:52:41 dnsserver named[25110]: client 10.100.0.191#50757: query (cache) '182.1.16.172.in-addr.arpa/PTR/IN' denied
> Oct 29 08:52:50 dnsserver named[25110]: client 10.100.0.191#43924: query: 182.1.16.172.in-addr.arpa IN PTR +
> Oct 29 08:52:50 dnsserver named[25110]: client 10.100.0.191#43924: query (cache) '182.1.16.172.in-addr.arpa/PTR/IN' denied

I have always considered missing reverse lookups to be misconfiguration. If you have control over the server, you should have both forward and reverse lookups defined.

Mark Post
Re: DNS Question
On 10/29/15 10:06 AM, Michael Weiner wrote:
> Hi all,
>
> I am working on a DNS on SLES 11 SP3 using BIND.
>
> I got the DNS working where I can ping my entries etc. But I am getting the
> following errors which look like IPv6.
>
> 172.16.1.182 is my local laptop DHCP address. Any suggestions?

It looks like someone (or some process) in your network is trying to do a reverse-DNS lookup: given an IP address, what's the host name?

If you want those kinds of queries to succeed, have you created the appropriate zone files in your name server? I think you'll need a zone file that makes the name server authoritative for the "16.172.in-addr.arpa" domain.

Once you have the zone files, your name server will resolve these queries itself instead of trying to go to the Internet for an answer.
Re: DNS Question
Agreed, which I do have that. But, 172. is my local network for my laptop. Do I need another zone for local IPs?

On Thu, Oct 29, 2015 at 1:33 PM, Mark Post wrote:

> I have always considered missing reverse lookups to be misconfiguration.
> If you have control over the server, you should have both forward and
> reverse lookups defined.
>
> Mark Post

--
Michael Weiner
Systems Admin
Infinity Systems Software, Inc.
One Penn Plaza Suite 2010
New York, NY 10119
o: (646) 405-9300
c: (845) 641-0517
Re: DNS Question
Sure, another zone file.
Reverse lookups for local addresses are your responsibility.

Your first note cited M.ROOT-SERVERS.NET (by IPv6 addr). That server would never be able to resolve 172.n.n.n with a name that matches your internal network. But if your local BIND owned that zone it would not have forwarded the request.

I'll expose some of my personal network:
I use 192.168.29.x and have /var/named/master/192.168.29 (no further extension, but some people like to add ".db"). That gets mapped with this stanza in /etc/named.conf ...

zone "29.168.192.in-addr.arpa" in {
        type master;
        file "master/192.168.29";
};

(Previous global statement 'directory "/var/named";' sets the prefix.)
Take note of the reversal of IPv4 octets for the IN-ADDR.ARPA pseudo domain.

An example line from the zone file is ...

11      IN      PTR     jeremiah.casita.net.

Thus "192.168.29.11" resolves to "jeremiah.casita.net".
Works.

Reversing is fairly easy, use "PTR" instead of "A" or "".
Am guessing you have a solid handle on the other statements in zone files, but if you need a hand, just holler.

-- R; <><

On Thu, 2015-10-29 at 13:36 -0400, Michael Weiner wrote:
> Agreed, which I do have that. But, 172. is my local network for my laptop.
> Do I need another zone for local IPs?
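Added example, not part of any message in this thread: a Python triage of the named log lines quoted earlier that lists the IPv6 servers that could not be reached, flags reverse lookups for private addresses that the resolver tried to send to outside servers, and builds the zone stanza that would keep those lookups local. The four log lines are copied from the thread; the file path in the stanza follows the master/<network> convention described above and is an assumption.

```python
import ipaddress
import re

# Four log lines copied from the messages in this thread.
SAMPLE_LOG = """\
Oct 29 06:28:58 dnsserver named[22031]: network unreachable resolving '182.1.16.172.in-addr.arpa/PTR/IN': 2001:503:c27::2:30#53
Oct 29 06:29:04 dsnserver named[22031]: network unreachable resolving './NS/IN': 2001:dc3::35#53
Oct 29 06:29:09 dsnserver named[22031]: client 10.100.0.191#38658: query: 182.1.16.172.in-addr.arpa IN PTR +
Oct 29 08:52:41 dnsserver named[25110]: client 10.100.0.191#50757: query (cache) '182.1.16.172.in-addr.arpa/PTR/IN' denied
"""

UNREACHABLE = re.compile(
    r"network unreachable resolving '(?P<name>[^/']+)/(?P<type>\w+)/IN': "
    r"(?P<server>\S+)#\d+")
DENIED = re.compile(
    r"client (?P<client>\S+)#\d+: query \(cache\) "
    r"'(?P<name>[^/']+)/(?P<type>\w+)/IN' denied")


def private_ptr_target(qname, qtype):
    """Return the IPv4 address behind a PTR name if it is private, else None."""
    labels = qname.rstrip(".").lower().split(".")
    if qtype != "PTR" or len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        ip = ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None
    return ip if ip.is_private else None


def reverse_zone(ip):
    """Name of the /24 reverse zone covering ip (octets reversed)."""
    return ip.reverse_pointer.split(".", 1)[1]


def triage(log_text):
    """Classify named log lines into the three conditions seen in the thread."""
    report = {"unreachable_v6": set(),
              "private_ptr_sent_upstream": {},   # zone -> addresses looked up
              "denied": {}}                      # client -> zones refused
    for line in log_text.splitlines():
        m = UNREACHABLE.search(line)
        if m:
            try:
                server = ipaddress.ip_address(m["server"])
            except ValueError:
                continue
            if server.version == 6:
                report["unreachable_v6"].add(str(server))
            ip = private_ptr_target(m["name"], m["type"])
            if ip is not None:
                report["private_ptr_sent_upstream"].setdefault(
                    reverse_zone(ip), set()).add(str(ip))
            continue
        m = DENIED.search(line)
        if m:
            ip = private_ptr_target(m["name"], m["type"])
            if ip is not None:
                report["denied"].setdefault(m["client"], set()).add(
                    reverse_zone(ip))
    return report


def zone_stanza(zone, prefix="master"):
    """named.conf stanza for a local reverse zone; the file path is hypothetical."""
    network = ".".join(reversed(zone.split(".")[:3]))
    return (f'zone "{zone}" in {{\n'
            f'        type master;\n'
            f'        file "{prefix}/{network}";\n'
            f'}};')


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("IPv6 servers unreachable:", sorted(result["unreachable_v6"]))
    for zone, addrs in result["private_ptr_sent_upstream"].items():
        print(f"private lookups for {sorted(addrs)} went upstream; serve locally:")
        print(zone_stanza(zone))
    for client, zones in result["denied"].items():
        print(f"{client} was refused lookups in {sorted(zones)}")
```
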