From: "David Horn"
To: mdh_lists@yahoo.com
Cc: freebsd-questions@freebsd.org
Subject: Re: host -6 failure
Date: Sun, 9 Nov 2008 20:34:53 -0500
Message-ID: <25ff90d60811091734u67775807ma67b6c1de0c59b9e@mail.gmail.com>

On Sun, Nov 9, 2008 at 3:13 AM, mdh wrote:
> --- On Sat, 11/8/08, David Horn wrote:
>> From: David Horn
>> Subject: Re: host -6 failure
>> To: mdh_lists@yahoo.com
>> Cc: freebsd-questions@freebsd.org
>> Date: Saturday, November 8, 2008, 8:10 PM
>> On Sat, Nov 8, 2008 at 7:55 PM, mdh wrote:
>> > --- On Sat, 11/8/08, David Horn wrote:
>> >> From: David Horn
>> >> Subject: Re: host -6 failure
>> >> To: mdh_lists@yahoo.com
>> >> Cc: freebsd-questions@freebsd.org
>> >> Date: Saturday, November 8, 2008, 7:25 PM
>> >> On Fri, Nov 7, 2008 at 2:18 PM, mdh wrote:
>> >> > Howdy folks,
>> >> > I'm having a little trouble understanding a problem that the
>> >> > `host` command in RELENG_7_0 (very recent) is having.
>> >>
>> >> The '-6' on the command line for host(1) forces an IPv6 only
>> >> connection to your nameserver, not necessarily a "AAAA" query for
>> >> the hostname in question. In this case, your nameservers listed in
>> >> the warnings are IPv4 nameservers that host(1) is attempting to
>> >> connect to using an ipv4 mapped ipv6 address (which by default is
>> >> disabled in the kernel) In other words, don't use host -6 for this
>> >> scenario.
>> >
>> > Yet as I pointed out, the second nameserver in my resolv.conf is
>> > ::1 - so shouldn't it work with that? It's clearly trying to contact
>> > the first and third nameservers listed.
>> > If the behavior I'm experiencing is the proper behavior, then let
>> > me pose this question: when would anyone conceivably want to use
>> > the -6 option, and why does it exist? My intent was to force a
>> > query to hit the nameserver on ::1 rather than 127.0.0.1.
>> >
>> >> >
>> >> > domain mydomain
>> >> > search mydomain
>> >> > nameserver 127.0.0.1
>> >> > nameserver ::1
>> >> > nameserver IP.IP.IP.8
>> >> >
>> >> > The DNS server running on localhost is authoritative for
>> >> > mydomain. I can ping it via localhost using both v4 and v6, and
>> >> > I can also ping the external v4 and v6 addresses just fine
>> >> > remotely.
>> >> >
>> >> > As I said, I'm new to IPv6, but this behavior seems to be
>> >> > counterintuitive. Am I just doing it wrong?
>> >> >
>> >>
>> >> For diagnosing your own nameservers, you are better off using the
>> >> dig(1) utility.
>> >>
>> >> Example:
>> >>
>> >> dig ipv6.google.com AAAA @::1
>> >>
>> >> This causes a dns query for an IPv6 address (aka "AAAA" query) for
>> >> the hostname of "ipv6.google.com" using the nameserver on the IPv6
>> >> localhost loopback address (::1), and will give a very nice
>> >> verbose output. man dig for more details.
>> >
>> > That is more useful, but still doesn't stifle my desire to stomp a
>> > potential bug in the base system.
>>
>> Right after sending, I realized that I did not tell you all of the
>> answer....
>>
>> host(1) will successfully query ::1 when named is setup to listen on
>> ::1 in named.conf, and ::1 is listed in /etc/resolv.conf (I just ran a
>> test on my box to be sure that it works this way with the -6 switch)
>>
>> Example line from /etc/namedb/named.conf:
>>
>> listen-on-v6 { ::1; any; };
>>
>> And of course you need to restart named after the config change
>> (/etc/rc.d/named restart)
>>
>> To make sure that it is listening on the IPv6 loopback address:
>>
>> netstat -anW -f inet6
>>
>> I do not remember the minimum version of bind (aka named) required for
>> IPv6 off the top of my head, but I am running 9.4.2-P2 on my IPv6
>> machine.
>
> All of the conditions for success are true, however it fails. My DNS
> server software is responding on ::1 port 53 (tcp and udp), and ::1 is
> the second nameserver listed in resolv.conf. Still, host -6 fails as
> previously stated... According to what you've said so far, this leads
> me to believe that it ought to work as expected, and not error out in
> the way I'm seeing.
>
> Am I missing something here? Is my lack of general IPv6 knowledge
> causing me to blindly assume something incorrectly?

If all of the conditions for success were true, you would *not* be
having a problem. You are likely missing something simple. I suggest
that you read about general IPv6 network troubleshooting, and bind.
The handbook has some good information here:

http://www.freebsd.org/doc/en/books/handbook/network-dns.html
http://www.freebsd.org/doc/en/books/handbook/network-ipv6.html
http://www.freebsd.org/doc/en/books/developers-handbook/ipv6.html

You have yet to provide any new diagnostic output. What was the result
of:

netstat -anW -f inet6
dig ipv6.google.com AAAA @::1
named -version

Do not get hung up on the output of host(1) without trying to diagnose
the root problem (your nameserver working properly on ipv6). Once you
fix the root problem, the other problems will go away.
If in doubt, run a tcpdump or wireshark trace, and make sure that your
firewall is not getting in the way.

-_Dave

>
> Thanks, Matt
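
Added example, not part of the original thread: a POSIX sh helper that classifies each `nameserver` line of resolv.conf-style text by address family, showing which entries `host -6` can reach over native IPv6 and printing the dig(1) check from the thread for those. The function names and the sample (with 192.0.2.8 standing in for the redacted third server) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# Print "<family> <address>" for every nameserver line read from stdin.
# The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
classify_nameservers() {
    while read -r keyword addr _rest || [ -n "$keyword" ]; do
        if [ "$keyword" = "nameserver" ] && [ -n "$addr" ]; then
            case "$addr" in
                # IPv4-mapped IPv6 literal: still an IPv4 server underneath.
                ::[Ff][Ff][Ff][Ff]:*.*.*.*) echo "v4-mapped $addr" ;;
                # Any other literal containing a colon is native IPv6.
                *:*)                         echo "v6 $addr" ;;
                *.*.*.*)                     echo "v4 $addr" ;;
                *)                           echo "unknown $addr" ;;
            esac
        fi
    done
}

# Emit the dig(1) check suggested in the thread for each native-IPv6 server.
v6_checks() {
    classify_nameservers | while read -r family addr; do
        if [ "$family" = "v6" ]; then
            echo "dig ipv6.google.com AAAA @$addr"
        fi
    done
}

# Constructed sample modelled on the resolv.conf quoted in the thread;
# 192.0.2.8 (documentation range) stands in for the redacted third server.
SAMPLE_RESOLV_CONF='domain mydomain
search mydomain
nameserver 127.0.0.1
nameserver ::1
nameserver 192.0.2.8'

printf '%s\n' "$SAMPLE_RESOLV_CONF" | classify_nameservers
printf '%s\n' "$SAMPLE_RESOLV_CONF" | v6_checks
```

On a live system, feed it `/etc/resolv.conf` on stdin; only the entries reported as `v6` are candidates for an IPv6-only transport.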