Date: Mon, 03 Mar 2008 22:10:49 -0800 From: "Chris H." <chris#@1command.com> To: Mark Andrews <Mark_Andrews@isc.org> Cc: Edwin Groothuis <edwin@mavetju.org>, Andy Dills <andy@xecu.net>, freebsd-stable@freebsd.org Subject: Re: What's new on the 127.0.0/24 block in 7? Message-ID: <20080303221049.qp018aswg0c8w0s8@webmail.1command.com> In-Reply-To: <200803040530.m245UVmp018195@drugs.dv.isc.org> References: <200803040530.m245UVmp018195@drugs.dv.isc.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoting Mark Andrews <Mark_Andrews@isc.org>: > >> Quoting Andy Dills <andy@xecu.net>: >> >> > On Mon, 3 Mar 2008, Chris H. wrote: >> > >> >> > Are you sure it's a /24 you are talking about? My 7.0 disks install >> >> > 127.0.0.1/8 here. >> >> >> >> Really? Where did you get the install disc? Mine clearly doesn't. :( >> >> All I am provided is 127.0.0.1 - not 127.0.0.2,3... >> > >> > 127.0.0.1/8 just means 127.0.0.1 with a netmask of 255.0.0.0. It doesn't >> > imply a default behavior of binding to any other address than 127.0.0.1. >> > >> > But I'm still really confused what you're trying to do... >> > >> > See, the idea of returning multiple 127.0.0.X addressess within RBL is to >> > convey different information while using a single zone. >> > >> > In the beginning, the RBLs would just reply with 127.0.0.1 and use >> > different zones to imply different contexts...now you use a single zone >> > with different 127.0.0.X addresses to convey the same information. >> > >> > But...you don't actually do anything with that resolution beyond determine >> > if a given record is listed or not. You don't actually need to configure >> > or use the various 127.0.0.X addresses that might get returned. >> > >> > On the other hand, if you're using multiple rbldnsd instances, one per >> > zone... hile it's a pain you can indeed configured rbldns to serve >> > multiple zones. Or just bind the additional loopback instances >> >> Precisely! Sorry I apparently wasn't clearer in the beginning. >> According to my conversations with the author of rbldnsd, rbldnsd was >> returning REFUSED to all my requests on my FBSD-7 server. >> Because it was unable to communicate on 127.0.0.2. > > If it returned REFUSED it could communicate. REFUSED is a > DNS rcode so the packet went to the server and a reply was > returned. This is a problem with a access control list in > the rbldnsd configuration. I can tell you that without > ever having run rbldnsd. > Yes, of course. Sorry, my bad. RBLDNSD's /log/ files contain REFUSED. The dig, host,nslookup queries return ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58463 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 Sorry. I should have taken more time to answer. --Chris H >> Even though it was bound to my >> internet routable IP, it still needed 127.0.0.2, because that was the >> IP associated with one of my zones (2 in all). >> >> However, I had no difficulties using 2 zones on my recent RELENG_6 >> server, (served out of 127.0.0.2, and 127.0.0.3). >> /This/ is why I felt there must be some difference between the 2 >> releases (FBSD). >> Anyway, I didn't want to spam the list soliciting advice on setting >> up rbldnsd - I already know how to do that. It just /appeared/ that >> there was some difference in the handling of lo0, and it's associated >> IP space. So, as I could find no info in src/UPDATING, or ports/UPDATING, >> nor the man pages. I thought I'd better ask here. >> >> > >> > >> > BTW, /etc/netstart is a nice shortcut to avoid fatfingering an ifconfig. >> >> Thanks. That's good to know. My first thought, is to probably just assign >> a different netmask to lo0, in an effort to get the additional IP's. >> Then see if everything works as well as it did on my RELENG_6 server. >> >> Thanks again for your response. I think you really helped clear things >> up - though I still have no answer as to why there is a difference >> between the 2. >> >> Oh, well. >> >> Thank care. >> >> --Chris H >> >> > >> > Andy >> > >> > --- >> > Andy Dills >> > Xecunet, Inc. >> > www.xecu.net >> > 301-682-9972 >> > --- >> > _______________________________________________ >> > freebsd-stable@freebsd.org mailing list >> > http://lists.freebsd.org/mailman/listinfo/freebsd-stable >> > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" >> > >> >> >> >> -- >> panic: kernel trap (ignored) >> >> >> >> _______________________________________________ >> freebsd-stable@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-stable >> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > -- panic: kernel trap (ignored)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080303221049.qp018aswg0c8w0s8>