From: "David Horn"
To: mdh_lists@yahoo.com
Cc: freebsd-questions@freebsd.org
Date: Sat, 8 Nov 2008 20:10:41 -0500
Subject: Re: host -6 failure
Message-ID: <25ff90d60811081710u6850be25jdc6d45631ee82af4@mail.gmail.com>
In-Reply-To: <520617.80727.qm@web56803.mail.re3.yahoo.com>

On Sat, Nov 8, 2008 at 7:55 PM, mdh wrote:
> --- On Sat, 11/8/08, David Horn wrote:
>> From: David Horn
>> Subject: Re: host -6 failure
>> To: mdh_lists@yahoo.com
>> Cc: freebsd-questions@freebsd.org
>> Date: Saturday, November 8, 2008, 7:25 PM
>> On Fri, Nov 7, 2008 at 2:18 PM, mdh wrote:
>> > Howdy folks,
>> > I'm having a little trouble understanding a problem that the `host` command in RELENG_7_0 (very recent) is having. This is by and large my first time working with IPv6, which I've been meaning to learn for some time. First off, I've got my zone file configured to return a AAAA record for x1.mydomain and named isn't complaining.
>> > However, when I run `host -6 x1.mydomain`, host returns the following output:
>> >
>> > (root@rapier) [/etc/namedb]: host -6 x1.mydomain
>> > /usr/src/lib/bind/isc/../../../contrib/bind9/lib/isc/unix/socket.c:1179: internal_send: ::ffff:127.0.0.1#53: Invalid argument
>> > /usr/src/lib/bind/isc/../../../contrib/bind9/lib/isc/unix/socket.c:1179: internal_send: ::ffff:IP.IP.IP.8#53: Invalid argument
>> > /usr/src/lib/bind/isc/../../../contrib/bind9/lib/isc/unix/socket.c:1179: internal_send: ::ffff:127.0.0.1#53: Invalid argument
>> > /usr/src/lib/bind/isc/../../../contrib/bind9/lib/isc/unix/socket.c:1179: internal_send: ::ffff:IP.IP.IP.8#53: Invalid argument
>> > ;; connection timed out; no servers could be reached
>>
>> The '-6' on the command line for host(1) forces an IPv6 only connection to your nameserver, not necessarily a "AAAA" query for the hostname in question. In this case, your nameservers listed in the warnings are IPv4 nameservers that host(1) is attempting to connect to using an ipv4 mapped ipv6 address (which by default is disabled in the kernel) In other words, don't use host -6 for this scenario.
>
> Yet as I pointed out, the second nameserver in my resolv.conf is ::1 - so shouldn't it work with that? It's clearly trying to contact the first and third nameservers listed. If the behavior I'm experiencing is the proper behavior, then let me pose this question: when would anyone conceivably want to use the -6 option, and why does it exist? My intent was to force a query to hit the nameserver on ::1 rather than 127.0.0.1.
>
>>
>> Most recent versions of the host(1) command will do both "A" (IPv4 host record), and "AAAA" (IPv6 host record) lookups for you automatically.
>> For example:
>>
>> host www.kame.net
>> www.kame.net has address 203.178.141.194
>> www.kame.net has IPv6 address 2001:200:0:8002:203:47ff:fea5:3085
>>
>> >
>> > IP.IP.IP.8 is my ISP's DNS server, and is a third option just in case the localhost DNS server crashes or goes batty while I'm out drinking or somesuch. Here's my resolv.conf, which shows ::1 listed as the second nameserver entry - however, it seems host -6 never even tries it.
>> >
>> > domain mydomain
>> > search mydomain
>> > nameserver 127.0.0.1
>> > nameserver ::1
>> > nameserver IP.IP.IP.8
>> >
>> > The DNS server running on localhost is authoritative for mydomain. I can ping it via localhost using both v4 and v6, and I can also ping the external v4 and v6 addresses just fine remotely.
>> >
>> > As I said, I'm new to IPv6, but this behavior seems to be counterintuitive. Am I just doing it wrong?
>> >
>>
>> For diagnosing your own nameservers, you are better off using the dig(1) utility.
>>
>> Example:
>>
>> dig ipv6.google.com AAAA @::1
>>
>> This causes a dns query for an IPv6 address (aka "AAAA" query) for the hostname of "ipv6.google.com" using the nameserver on the IPv6 localhost loopback address (::1), and will give a very nice verbose output. man dig for more details.
>
> That is more useful, but still doesn't stifle my desire to stomp a potential bug in the base system.

Right after sending, I realized that I did not tell you all of the answer....
host(1) will successfully query ::1 when named is setup to listen on ::1 in named.conf, and ::1 is listed in /etc/resolv.conf (I just ran a test on my box to be sure that it works this way with the -6 switch)

Example line from /etc/namedb/named.conf:

listen-on-v6 { ::1; any; };

And of course you need to restart named after the config change (/etc/rc.d/named restart)

To make sure that it is listening on the IPv6 loopback address:

netstat -anW -f inet6

I do not remember the minimum version of bind (aka named) required for IPv6 off the top of my head, but I am running 9.4.2-P2 on my IPv6 machine.

-_Dave

>
>>
>> Good Luck.
>>
>> BTW, if you have not already setup an IPv6 tunnel to the internet, I highly recommend SixXS's (www.sixxs.net) free tunnels (and the sixxs-aiccu port), or you can look at Hurricane Electric (www.he.net), and some other tunnel brokers as well.
>
> Actually this system is located at HE. :)
>
> Thanks,
> - mdh
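
An added example, not part of the original message or of BIND: it lists, for the resolv.conf quoted in the thread, the address an IPv6-only client would send to for each nameserver, and tries one UDP datagram to each from a v6-only socket. The function names are hypothetical, 192.0.2.8 is a documentation-range stand-in for the redacted ISP server, and the errno returned for a v4-mapped target depends on the operating system.

```python
import errno
import ipaddress
import socket

# Constructed sample mirroring the resolv.conf quoted in the thread;
# 192.0.2.8 (documentation range) stands in for the redacted IP.IP.IP.8.
SAMPLE_RESOLV_CONF = """\
domain mydomain
search mydomain
nameserver 127.0.0.1
nameserver ::1
nameserver 192.0.2.8
"""

def nameservers(text):
    """Return the nameserver addresses of a resolv.conf, in file order."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(ipaddress.ip_address(fields[1]))
    return found

def v6_transport_targets(text):
    """Map each nameserver to the address an IPv6-only client would send to."""
    targets = []
    for addr in nameservers(text):
        if addr.version == 6:
            targets.append((str(addr), "native"))
        else:
            # IPv4 servers are only reachable as ::ffff:a.b.c.d, as in the errors quoted above.
            targets.append(("::ffff:" + str(addr), "v4-mapped"))
    return targets

def probe(target, port=53):
    """Send one UDP datagram from a v6-only socket; return 'ok' or the errno name."""
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as s:
            # Same effect as a kernel with IPv4-mapped addresses disabled.
            s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
            s.sendto(b"\x00", (target, port))
        return "ok"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))

if __name__ == "__main__":
    for target, kind in v6_transport_targets(SAMPLE_RESOLV_CONF):
        print(f"{target:22} {kind:10} {probe(target)}")
```

A successful send to ::1 only shows that the IPv6 transport works; whether named is actually listening there is what the netstat check in the message confirms.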