IPV6 forwarders problem

Mark Andrews Mark_Andrews at isc.org
Thu Jul 1 22:02:18 UTC 2004


> 
>  Thanks for your suggestion and I have tried your recommendation as well
> as a combination of different ipv4 addresses with no luck.
> 
>  I've also tried pointing the forwarders to a true ipv6 dns server and
> my server still does not resolve.  I'm only able to resolve if I disable
> 'listen-on-v6'.
> 
>  Any other suggestions?

	You have two choices.  Change the config or update your
	kernel and recompile.

	Change "query-source address 10.10.7.249 port 53;" to
	"query-source address 10.10.7.249 port <some unused port>;"
	or "query-source address 10.10.7.249" and adjust your
	firewall to match.  The latter can be used on stateful
	firewalls.

	"port 53" is used to get answers through the same hole in
	the firewall that queries come through.

	The problem is that you are running an old broken kernel
	which does not deliver packets to the correct sockets.
	Update your kernel to one that supports IPV6_V6ONLY then
	recompile named to take advantage of it.

	Mark
 
> Lou.
> 
> -----Original Message-----
> From: jinmei at isl.rdc.toshiba.co.jp [mailto:jinmei at isl.rdc.toshiba.co.jp]
> 
> Sent: Wednesday, June 30, 2004 11:02 PM
> To: Baccari, Lou
> Cc: comp-protocols-dns-bind at isc.org
> Subject: Re: IPV6 forwarders problem
> 
> 
> >>>>> On Wed, 30 Jun 2004 12:29:54 -0400,
> >>>>> "Baccari, Lou" <lou.baccari at hp.com> said:
> 
> > I'm trying to set up a linux bind server running ipv6 and ipv4 service.
> > It appears that whenever I disable, 'listen-on-v6 { any; };', my
> > forwarders options work just fine and I'm able to resolve for domains
> > other than my own. Once 'listen-on-v6 { any; };' is re-enabled I
> > can no longer resolve for other domains.
> 
> > I even tried to force query onto the ipv4 address but that didn't
> > help. Any ideas???
> 
> First of all, named never expects to have IPv4-mapped IPv6 addresses
> (like ::ffff:10.10.0.1) appear in named.conf.  Even though it happens to
> work as the operator expects, that's not an intended behavior.
> 
> So, please rewrite the following
> 
> > options {
> >         directory "/var/named";
> >         tcp-clients  1000;
> >         recursive-clients 10000;
> >         allow-recursion {10/8;};
> >         query-source address 10.10.7.249 port 53;
> >         allow-transfer { ::ffff:10.10.0.3; 10.10.0.3;
> >                          ::ffff:10.10.0.1; 10.10.0.1;
> >                          ::ffff:10.10.1.23; 10.10.1.23; };
> >         forwarders { ::ffff:10.10.0.1; ::ffff:10.10.0.3; };
> > //      forwarders { 10.10.0.1; 10.10.0.3; };
> >         listen-on-v6 { any; };
> >         match-mapped-addresses yes;
> >         forward first;
> >         pid-file  "/var/run/named/named.pid";
> > };
> 
> to
> 
> options {
>         directory "/var/named";
>         tcp-clients  1000;
>         recursive-clients 10000;
>         allow-recursion {10/8;};
>         query-source address 10.10.7.249 port 53;
>         allow-transfer { 10.10.0.3;
>                          10.10.0.1;
>                          10.10.1.23; };
>         forwarders { 10.10.0.1; 10.10.0.3; };
>         listen-on-v6 { any; };
>         match-mapped-addresses yes;
>         forward first;
>         pid-file  "/var/run/named/named.pid";
> };
> 
> then try it again.  (I guess you've already tried that without success,
> but it's not clear from the original report.)
> 
> Also, the stderr output when you invoke named with the -g command line
> option might help.
> 
> 					JINMEI, Tatuya
> 					Communication Platform Lab.
> 					Corporate R&D Center, Toshiba Corp.
> 					jinmei at isl.rdc.toshiba.co.jp
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
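
The following C program is an added example, not part of the original message or of BIND's source. It shows the IPV6_V6ONLY socket option mentioned above: an IPv4 socket and an IPv6 wildcard socket share one UDP port, and an IPv4 datagram sent to that port is checked to see which socket receives it. The function name, the loopback address and the kernel-chosen port are assumptions standing in for the 10.10.7.249 port 53 setup in the thread.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Hypothetical helper: returns 4 if the IPv4 socket received the IPv4
 * datagram, 6 if the IPv6 wildcard socket did, -1 if setup failed
 * (for example, a host without IPv6). */
int v4_datagram_lands_on(void)
{
    int on = 1, result = -1;
    char buf[16];
    struct timeval tv = { 0, 200000 };         /* 200 ms receive timeout */
    struct sockaddr_in a4;
    struct sockaddr_in6 a6;
    socklen_t len = sizeof(a4);
    int s4 = socket(AF_INET, SOCK_DGRAM, 0);   /* stands in for query-source */
    int s6 = socket(AF_INET6, SOCK_DGRAM, 0);  /* stands in for listen-on-v6 */
    int tx = socket(AF_INET, SOCK_DGRAM, 0);   /* stands in for the forwarder */
    if (s4 < 0 || s6 < 0 || tx < 0) goto out;
    /* Constructed address: loopback and a kernel-chosen port, not 10.10.7.249:53. */
    memset(&a4, 0, sizeof(a4));
    a4.sin_family = AF_INET;
    a4.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(s4, (struct sockaddr *)&a4, sizeof(a4)) < 0) goto out;
    if (getsockname(s4, (struct sockaddr *)&a4, &len) < 0) goto out;
    /* IPv6 wildcard on the same port, restricted to IPv6 traffic only. */
    if (setsockopt(s6, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0) goto out;
    memset(&a6, 0, sizeof(a6));
    a6.sin6_family = AF_INET6;
    a6.sin6_addr = in6addr_any;
    a6.sin6_port = a4.sin_port;
    if (bind(s6, (struct sockaddr *)&a6, sizeof(a6)) < 0) goto out;
    setsockopt(s4, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    setsockopt(s6, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    if (sendto(tx, "reply", 5, 0, (struct sockaddr *)&a4, sizeof(a4)) != 5) goto out;
    if (recv(s4, buf, sizeof(buf), 0) == 5) result = 4;
    else if (recv(s6, buf, sizeof(buf), 0) == 5) result = 6;
out:
    if (s4 >= 0) close(s4);
    if (s6 >= 0) close(s6);
    if (tx >= 0) close(tx);
    return result;
}

int main(void) { printf("landed on: %d\n", v4_datagram_lands_on()); return 0; }
```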

