<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><span style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;">I open this to
test (</span></span><span style="white-space: pre-wrap">45.225.75.8 is a partial anycast IP, for DNS/UDP it has bind9</span><span
style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;">):</span></span></p>
<p><span style="font-family:monospace">dig A ore.org.bo
@199.38.247.210
</span></p>
<p><span style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;">With this on </span></span><span
style="font-family:monospace">199.38.247.210
</span><span style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;"> (works):</span></span></p>
<p><span style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;">zone
ore.org.bo {
</span><br>
type master;
<br>
file "/etc/bind/ore.org.bo.db";
<br>
};<br>
</span></p>
<p><span style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;">;
<<>> DiG 9.18.19-1~deb12u1-Debian <<>>
A ore.org.bo @199.38.247.210
</span><br>
;; global options: +cmd
<br>
;; Got answer:
<br>
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
39291
<br>
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0,
ADDITIONAL: 1
<br>
<br>
;; OPT PSEUDOSECTION:
<br>
; EDNS: version: 0, flags:; udp: 1232
<br>
; COOKIE: 9948d53f96271fa80100000066947311b2e477062b98c6ee
(good)
<br>
;; QUESTION SECTION:
<br>
;ore.org.bo. IN A
<br>
<br>
;; ANSWER SECTION:
<br>
ore.org.bo. 3600 IN A 45.225.75.8
<br>
<br>
;; Query time: 99 msec
<br>
;; SERVER: 199.38.247.210#53(199.38.247.210) (UDP)
<br>
;; WHEN: Mon Jul 15 00:53:38 UTC 2024
<br>
;; MSG SIZE rcvd: 83
<br>
<br>
</span></p>
<p><span style="font-family:monospace">With this on </span><span
style="font-family:monospace">199.38.247.210
</span><span style="font-family:monospace"> (does not work):</span></p>
<pre class="moz-quote-pre" wrap="">zone ore.org.bo {
type secondary;
file "/etc/bind/ore.org.bo.db";
primaries { 2803:1920::c:1963; };
};</pre>
<p></p>
<p><span style="font-family:monospace">; <<>> DiG
9.18.19-1~deb12u1-Debian <<>> A ore.org.bo
@199.38.247.210
<br>
;; global options: +cmd
<br>
;; Got answer:
<br>
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id:
14941
<br>
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0,
ADDITIONAL: 1
<br>
<br>
;; OPT PSEUDOSECTION:
<br>
; EDNS: version: 0, flags:; udp: 1232
<br>
; COOKIE: f9006eb35715f0da01000000669473a08e2898af7098316c
(good)
<br>
;; QUESTION SECTION:
<br>
;ore.org.bo. IN A
<br>
<br>
;; Query time: 87 msec
<br>
;; SERVER: 199.38.247.210#53(199.38.247.210) (UDP)
<br>
;; WHEN: Mon Jul 15 00:56:01 UTC 2024
<br>
;; MSG SIZE rcvd: 67<br>
</span></p>
<pre class="moz-signature" cols="72">alpha_one_x86/BRULE Herman <a class="moz-txt-link-rfc2396E" href="mailto:alpha_one_x86@first-world.info"><alpha_one_x86@first-world.info></a>
Main developer of Supercopier/Ultracopier/CatchChallenger, Esourcing and server management
IT, OS, technologies, research & development, security and business department</pre>
<div class="moz-cite-prefix">On 7/14/24 20:00, Mark Andrews wrote:<br>
</div>
<blockquote type="cite"
cite="mid:C63A09A3-07E6-4807-BEB2-DDE3470C3AEB@isc.org">
<pre class="moz-quote-pre" wrap="">
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">On 13 Jul 2024, at 12:44, Herman Brule <a class="moz-txt-link-rfc2396E" href="mailto:contact@herman-brule.com"><contact@herman-brule.com></a> wrote:
Thanks, I'm looking at how to solve this cleanly.
In my country only 1 ISP has IPv6, so I need to keep IPv4.
I have 1 IPv4 for 1000 VPS, no way here to have more IPv4.
Then:
1) I'm not sure if my authoritative DNS on IPv6 replies correctly (but it replies correctly to all my dig queries)
2) I have to provide a way for my customers to resolve queries on their DNS server on their IPv6 VPS; they need to be able to just put their VPS DNS or at least a common DNS server (where I had to put their zone, so I dislike this idea)
For now your method fails, including when I try:
zone "ore.org.bo" {
type master;
file "/etc/bind/ore.org.bo.db";
};
But failed too.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Well I didn’t say to do that. You have the wrong type of zone. Make it a secondary (slave) zone
like I told you to do.
zone ore.org.bo {
type secondary;
file "ore.org.bo.db";
primaries { 2803:1920::c:1963; };
};
Now that should work as I can AXFR the zone from that server. You should also note the difference in
the flags in the responses for smtp.ore.org.bo. The one from 2803:1920::c:1963 is an authoritative
reply (aa) and the TTL stays at 3600, whereas the one from 45.225.75.8 is not (aa is not set in the
flags) and the TTL decreases indicating that it comes from a recursive server.
It also looks like someone tried to comment out *.ore.org.bo but used the wrong comment character ‘#’
rather than ‘;’.
[ant:~/git/bind9] marka% dig axfr ore.org.bo @2803:1920::c:1963
; <<>> DiG 9.19.25-dev <<>> axfr ore.org.bo @2803:1920::c:1963
;; global options: +cmd
ore.org.bo. 604800 IN SOA 811.vps.confiared.com. admin.ore.org.bo. 3 604800 86400 2419200 604800
ore.org.bo. 604800 IN NS 811.vps.confiared.com.
ore.org.bo. 3600 IN MX 1 smtp.ore.org.bo.
ore.org.bo. 3600 IN A 45.225.75.8
ore.org.bo. 3600 IN AAAA 2803:1920::c:1963
#*.ore.org.bo. 604800 IN CNAME ore.org.bo.
smtp.ore.org.bo. 3600 IN A 45.225.75.8
smtp.ore.org.bo. 3600 IN AAAA 2803:1920::c:1963
www.ore.org.bo. 604800 IN CNAME ore.org.bo.
ore.org.bo. 604800 IN SOA 811.vps.confiared.com. admin.ore.org.bo. 3 604800 86400 2419200 604800
;; Query time: 497 msec
;; SERVER: 2803:1920::c:1963#53(2803:1920::c:1963) (TCP)
;; WHEN: Mon Jul 15 09:47:16 AEST 2024
;; XFR size: 10 records (messages 1, bytes 324)
[ant:~/git/bind9] marka% dig a smtp.ore.org.bo @2803:1920::c:1963
; <<>> DiG 9.19.25-dev <<>> a smtp.ore.org.bo @2803:1920::c:1963
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4584
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: cdbac4bb692528b301000000669463a2ffd887df1b2535a8 (good)
;; QUESTION SECTION:
;smtp.ore.org.bo. IN A
;; ANSWER SECTION:
smtp.ore.org.bo. 3600 IN A 45.225.75.8
;; Query time: 659 msec
;; SERVER: 2803:1920::c:1963#53(2803:1920::c:1963) (UDP)
;; WHEN: Mon Jul 15 09:47:47 AEST 2024
;; MSG SIZE rcvd: 88
[ant:~/git/bind9] marka% dig a smtp.ore.org.bo @45.225.75.8
; <<>> DiG 9.19.25-dev <<>> a smtp.ore.org.bo @45.225.75.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33189
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 42c6758d745eb62b01000000669463baea9db7cd3474c256 (good)
;; QUESTION SECTION:
;smtp.ore.org.bo. IN A
;; ANSWER SECTION:
smtp.ore.org.bo. 3266 IN A 45.225.75.8
;; Query time: 264 msec
;; SERVER: 45.225.75.8#53(45.225.75.8) (UDP)
;; WHEN: Mon Jul 15 09:48:10 AEST 2024
;; MSG SIZE rcvd: 88
[ant:~/git/bind9] marka%
Mark
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">
On 7/12/24 19:01, Mark Andrews wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">On 13 Jul 2024, at 04:38, Herman Brule via bind-users <a class="moz-txt-link-rfc2396E" href="mailto:bind-users@lists.isc.org"><bind-users@lists.isc.org></a> wrote:
Because the customers are in an IPv6 zone
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">Well all zones should be served by both IPv4 servers and IPv6 servers. IPv6 is nearly 30 years old now. There are
sites that are IPv6 only because they would prefer to not have to run everything through 2 or 3 layers of NAT when
they don’t need it at all for IPv6 and would really like to not have to send all their DNS queries through NAT64 boxes.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">And the EDGE router connecting IPv4 and IPv6 is internal to the data center company, not accessible for the customer.
Forwarding the zone to the edge will be more complex, it's simpler to just forward the query.
Thanks for your observation, but I know, I am doing this quickly, I will keep it like this for now, this will only produce a problem for availability if the server is down.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">Except you are wrong. You are writing here because it *is* causing you and everyone else a problem. The correct way to
fix this is to transfer the zone contents to the listed primary servers if you are using nameservers. Alternatively
don’t run nameservers at all but use IP level proxies. Either the whole address or port forward 53/TCP and 53/UDP.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">
On 7/12/24 14:28, Marco Moock wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">On 12.07.2024 at 14:13:03, Herman Brule via bind-users wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">bind to my proxy from IPv4 to IPv6 zone
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">Why don't you simply run multiple authoritative servers, some only
accessible by IPv6, some dual-stack?
They are independent of each other and only the zone transfer need to
work.
I also see some strange things:
m@ryz:~$ host 811.vps.confiared.com.
811.vps.CONFIARED.com has address 45.225.75.8
811.vps.CONFIARED.com has IPv6 address 2803:1920::c:1963
m@ryz:~$ host 811b.vps.confiared.com.
811b.vps.CONFIARED.com is an alias for 811.vps.confiared.com.
811.vps.CONFIARED.com has address 45.225.75.8
811.vps.CONFIARED.com has IPv6 address 2803:1920::c:1963
m@ryz:~$
You should have redundant servers and not 2 NS records that point to
the same machine.
Please fix that first and update your glue records.
</pre>
</blockquote>
</blockquote>
<pre class="moz-quote-pre" wrap="">
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap=""><ore.org.bo.db>
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
</pre>
</blockquote>
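<p>The check described in the thread (an authoritative reply carries the aa flag and the zone's full TTL, a forwarded reply has no aa and a TTL that counts down, and the failing secondary returns SERVFAIL), as an added example that is not part of the original messages. The function names and the zone_ttl parameter are assumptions made here; the sample lines are copied from the dig outputs quoted above.</p>

```python
import re

# Header, flags and answer lines copied from the dig outputs quoted in this thread.
FROM_PRIMARY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4584
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;smtp.ore.org.bo. IN A
;; ANSWER SECTION:
smtp.ore.org.bo. 3600 IN A 45.225.75.8
"""
FROM_FORWARDER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33189
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;smtp.ore.org.bo. IN A
;; ANSWER SECTION:
smtp.ore.org.bo. 3266 IN A 45.225.75.8
"""
FROM_SECONDARY = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 14941
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;ore.org.bo. IN A
"""

def parse_dig(text):
    """Return (status, flags, ttls) from dig's text output."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r"^;; flags: ([a-z ]*);", text, re.M)
    if status is None or flags is None:
        raise ValueError("not a dig response header")
    # Record lines do not start with ';' (question and comment lines do).
    ttls = [int(t) for t in re.findall(r"^[^;\s]\S*\s+(\d+)\s+IN\s", text, re.M)]
    return status.group(1), flags.group(1).split(), ttls

def classify(text, zone_ttl):
    """zone_ttl is the TTL the record has in the zone file (assumed known)."""
    status, flags, ttls = parse_dig(text)
    if status != "NOERROR":
        return "error:" + status        # e.g. a secondary that never loaded the zone
    if "aa" in flags:
        return "authoritative"          # answered from zone data
    if any(t != zone_ttl for t in ttls):
        return "cached"                 # no aa and a TTL below the zone's value
    return "non-authoritative"

if __name__ == "__main__":
    for name in ("FROM_PRIMARY", "FROM_FORWARDER", "FROM_SECONDARY"):
        print(name, classify(globals()[name], zone_ttl=3600))
```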
</body>
</html>