RFC Reserved zones - was possible bug...?


RFC Reserved zones - was Re: possible bug...?

Postby D. Stussy » Sun, 16 Nov 2008 05:52:49 GMT




"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA",
ISC_FALSE },
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA",
ISC_FALSE },

Should add:

     8.b.d.0.1.0.0.2.ip6.arpa - Documentation/example zone. (2001:db8::/32)
     f.f.ip6.arpa - Multicast addresses (no universal definition - FF00::/8)

You have the IPv4 versions of these, but not IPv6.  Patch:

diff -ur bin/named/server.c bin/named/server.c
--- bin/named/server.c  2008-04-03 06:20:33.000000000 +0000
+++ bin/named/server.c  2008-06-11 22:14:13.000000000 +0000
@@ -212,12 +212,14 @@
        /* Local IPv6 Unicast Addresses */
        {
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA",
ISC_FALSE },
        {
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA",
ISC_FALSE },
-       /* LOCALLY ASSIGNED LOCAL ADDRES S SCOPE */
+       { "8.B.D.0.1.0.0.2.IP6.ARPA", ISC_FALSE },
+       /* LOCALLY ASSIGNED LOCAL ADDRESS SCOPE */
        { "D.F.IP6.ARPA", ISC_FALSE },
        { "8.E.F.IP6.ARPA", ISC_FALSE },        /* LINK LOCAL */
        { "9.E.F.IP6.ARPA", ISC_FALSE },        /* LINK LOCAL */
        { "A.E.F.IP6.ARPA", ISC_FALSE },        /* LINK LOCAL */
        { "B.E.F.IP6.ARPA", ISC_FALSE },        /* LINK LOCAL */
+       { "F.F.IP6.ARPA", ISC_FALSE },          /* MULTICAST */

        { NULL, ISC_FALSE }
 };
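Review bot: the new `{ "8.B.D.0.1.0.0.2.IP6.ARPA", ISC_FALSE },` entry is the only one in this table with no comment saying what it covers, and it lands under the `/* Local IPv6 Unicast Addresses */` heading even though the message describes it as the documentation/example prefix (2001:db8::/32); add a trailing comment in the style of the neighbouring entries, e.g. `{ "8.B.D.0.1.0.0.2.IP6.ARPA", ISC_FALSE },  /* DOCUMENTATION 2001:DB8::/32 */`, so the next reader does not have to decode the nibbles. Also, the hunk header counts 12 and 14 lines, but the two long `0.0.0...IP6.ARPA` and `1.0.0...IP6.ARPA` entries appear split across three lines each here, so the mail client has wrapped them and this copy will not apply with `patch` until those lines are rejoined.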


_______________________________________________
bind-users mailing list
 XXXX@XXXXX.COM 
https://lists.isc.org/mailman/listinfo/bind-users
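The zone names in the post (8.b.d.0.1.0.0.2.ip6.arpa for 2001:db8::/32, f.f.ip6.arpa for ff00::/8, the four 8.E.F/9.E.F/A.E.F/B.E.F entries for fe80::/10) are derived mechanically from the prefix, and an operator who wants to add empty zones of their own needs the same derivation. The following added example, written for this thread and not taken from BIND or from the poster, computes the reverse zone apex for any prefix, splits a prefix that does not end on a nibble or octet boundary into the several aligned zones it needs (the reason there are four LINK LOCAL entries), and reports which of a set of reserved empty zones would catch the PTR lookup for a given address, i.e. which lookups stay local and which still go out to the global DNS. The `EMPTY_ZONES` list is constructed from the IPv6 entries visible in the patch only; real BIND carries many more, IPv4 included.

```python
"""Derive reverse-mapping zone names (in-addr.arpa / ip6.arpa) for address
prefixes and check which reserved "empty" zone would answer a PTR lookup.

Added example for this thread; it is not BIND code.  EMPTY_ZONES is
constructed from the entries shown in the patch, not from BIND's full table.
"""
import ipaddress

# Constructed list: the IPv6 entries visible in the patch, spelled the way BIND
# spells them (upper case, no trailing dot).  ::/128 and ::1/128 are 32 labels.
EMPTY_ZONES = [
    "0." * 32 + "IP6.ARPA",            # ::/128   unspecified address
    "1." + "0." * 31 + "IP6.ARPA",     # ::1/128  loopback
    "8.B.D.0.1.0.0.2.IP6.ARPA",        # 2001:db8::/32 documentation prefix (patch)
    "D.F.IP6.ARPA",                    # fd00::/8 locally assigned local addresses
    "8.E.F.IP6.ARPA", "9.E.F.IP6.ARPA",
    "A.E.F.IP6.ARPA", "B.E.F.IP6.ARPA",  # fe80::/10 link local, as four /12s
    "F.F.IP6.ARPA",                    # ff00::/8 multicast (patch)
]


def reverse_zone(prefix: str) -> str:
    """Reverse zone apex for one CIDR prefix.

    Reverse names are built from whole labels: one hex nibble per label under
    ip6.arpa, one decimal octet per label under in-addr.arpa.  A prefix whose
    length is not a multiple of the label size has no single zone, so refuse it
    here; reverse_zones() below handles that case by splitting.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    if net.version == 6:
        if net.prefixlen % 4:
            raise ValueError(f"{prefix}: IPv6 prefix length must be a multiple of 4")
        nibbles = net.network_address.exploded.replace(":", "")  # 32 hex digits
        labels = nibbles[: net.prefixlen // 4]
        return ".".join(reversed(labels)) + ".ip6.arpa"
    if net.prefixlen % 8:
        raise ValueError(f"{prefix}: IPv4 prefix length must be a multiple of 8")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def reverse_zones(prefix: str) -> list:
    """All zone apexes needed to cover `prefix`.

    Rounds the prefix length up to the next label boundary and enumerates the
    aligned subnets, so fe80::/10 becomes fe80::/12 .. feb0::/12, which is
    exactly the 8.E.F / 9.E.F / A.E.F / B.E.F set in BIND's table.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    step = 4 if net.version == 6 else 8
    aligned = -(-net.prefixlen // step) * step  # ceiling to a multiple of step
    return [reverse_zone(str(sub)) for sub in net.subnets(new_prefix=aligned)]


def reverse_name(address: str) -> str:
    """Owner name of the PTR record for a single address."""
    return ipaddress.ip_address(address).reverse_pointer


def matching_empty_zone(address: str, zones):
    """Most specific zone in `zones` containing the PTR name of `address`.

    Returns None when no listed zone covers it, meaning a resolver with only
    these empty zones would send the PTR query out to the global DNS.
    Matching is done on label boundaries and case-insensitively, as DNS is.
    """
    name = reverse_name(address).lower()
    best = None
    for zone in zones:
        apex = zone.lower().rstrip(".")
        if name == apex or name.endswith("." + apex):
            if best is None or apex.count(".") > best.count("."):
                best = apex
    return best


if __name__ == "__main__":
    for p in ("2001:db8::/32", "ff00::/8", "fe80::/10"):
        print(p, "->", reverse_zones(p))
    for a in ("2001:db8::1", "ff02::1", "fe80::1", "2001:db9::1"):
        print(a, "->", matching_empty_zone(a, EMPTY_ZONES))
```

Running it shows the four-zone expansion for fe80::/10 and that a PTR lookup for 2001:db9::1 (constructed, just outside the documentation prefix) matches nothing, so it would leave the resolver; the documentation, multicast and link-local lookups all resolve against an empty zone locally.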


