From owner-freebsd-stable@FreeBSD.ORG Tue Mar 4 06:19:41 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E02D6106566C for ; Tue, 4 Mar 2008 06:19:41 +0000 (UTC) (envelope-from marka@isc.org) Received: from drugs.dv.isc.org (drugs.dv.isc.org [IPv6:2001:470:1f00:820:214:22ff:fed9:fbdc]) by mx1.freebsd.org (Postfix) with ESMTP id 5DC5E8FC19 for ; Tue, 4 Mar 2008 06:19:41 +0000 (UTC) (envelope-from marka@isc.org) Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (8.14.2/8.14.1) with ESMTP id m246Jbja018523; Tue, 4 Mar 2008 17:19:37 +1100 (EST) (envelope-from marka@drugs.dv.isc.org) Message-Id: <200803040619.m246Jbja018523@drugs.dv.isc.org> To: "Chris H." From: Mark Andrews In-reply-to: Your message of "Mon, 03 Mar 2008 22:10:49 -0800." <20080303221049.qp018aswg0c8w0s8@webmail.1command.com> Date: Tue, 04 Mar 2008 17:19:37 +1100 Sender: marka@isc.org Cc: Edwin Groothuis , Andy Dills , freebsd-stable@freebsd.org Subject: Re: What's new on the 127.0.0/24 block in 7? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2008 06:19:42 -0000 > Quoting Mark Andrews : > > > > >> Quoting Andy Dills : > >> > >> > On Mon, 3 Mar 2008, Chris H. wrote: > >> > > >> >> > Are you sure it's a /24 you are talking about? My 7.0 disks install > >> >> > 127.0.0.1/8 here. > >> >> > >> >> Really? Where did you get the install disc? Mine clearly doesn't. :( > >> >> All I am provided is 127.0.0.1 - not 127.0.0.2,3... > >> > > >> > 127.0.0.1/8 just means 127.0.0.1 with a netmask of 255.0.0.0. It doesn't > >> > imply a default behavior of binding to any other address than 127.0.0.1. > >> > > >> > But I'm still really confused what you're trying to do... > >> > > >> > See, the idea of returning multiple 127.0.0.X addressess within RBL is t > o > >> > convey different information while using a single zone. > >> > > >> > In the beginning, the RBLs would just reply with 127.0.0.1 and use > >> > different zones to imply different contexts...now you use a single zone > >> > with different 127.0.0.X addresses to convey the same information. > >> > > >> > But...you don't actually do anything with that resolution beyond determi > ne > >> > if a given record is listed or not. You don't actually need to configure > >> > or use the various 127.0.0.X addresses that might get returned. > >> > > >> > On the other hand, if you're using multiple rbldnsd instances, one per > >> > zone... hile it's a pain you can indeed configured rbldns to serve > >> > multiple zones. Or just bind the additional loopback instances > >> > >> Precisely! Sorry I apparently wasn't clearer in the beginning. > >> According to my conversations with the author of rbldnsd, rbldnsd was > >> returning REFUSED to all my requests on my FBSD-7 server. > >> Because it was unable to communicate on 127.0.0.2. > > > > If it returned REFUSED it could communicate. REFUSED is a > > DNS rcode so the packet went to the server and a reply was > > returned. This is a problem with a access control list in > > the rbldnsd configuration. I can tell you that without > > ever having run rbldnsd. > > > > Yes, of course. Sorry, my bad. RBLDNSD's /log/ files contain REFUSED. > The dig, host,nslookup queries return > > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58463 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > > Sorry. I should have taken more time to answer. > > --Chris H Which doesn't change the diagnosis. You are talking to the caching server which is talking to rbldnsd which returns REFUSED. When the caching server runs out of servers to try it returns SERVFAIL to the original querier. P.S. you can test the rbldnsd directly if you want. dig -p port +norec @address query Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org