Re: inline-signing a zone that exists in two views
Gordon Messmer wrote:
>
> I'm happy that it's working, but it seems like it was fairly difficult to get
> right. Am I doing an unusual thing?

Yes, it is fiddly, and a relatively common problem - which is why in-view
was introduced!

> Is it considered best-practice (or just normal) for authoritative
> servers to just not use the local server for resolution?

Mine don't :-)

Tony.
--
f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode
Southeast Iceland: Easterly 7 to severe gale 9, increasing storm 10 for a time
in far northwest. Slight or moderate, becoming rough or very rough,
occasionally high later in far west. Occasional rain. Moderate, occasionally
poor.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Sign zone escapes semicolon for RR 257 (CAA) and RR 256 (URI)
Hi,

Whenever I try to sign a zone (using dnssec-signzone) with a CAA
record in it that has a semicolon in the value part of the RDATA like
the following RDATA:

0 issue ";"

Bind escapes the semicolon so the signed zonefile will have the
following RDATA for the same CAA record:

0 issue "\;"

Even though a semicolon should not be escaped when it is inside a
quoted string, like in the example (reference:
https://tools.ietf.org/html/rfc1035#page-35).

is expressed in one or two ways: as a contiguous set
of characters without interior spaces, or as a string beginning with a "
and ending with a ". Inside a " delimited string any character can
occur, except for a " itself, which must be quoted using \ (back slash).

I found out that this happens in the multitxt_totext function in file
rdata.c as it matches a semicolon and escapes it.

But this function always returns a quoted string, so the code should
actually not escape a semicolon. The function multitxt_totext is only
used in caa_257.c and uri_256.c.

I applied the following patch which solves the issue:

--- lib/dns/rdata.c.orig2017-05-05 15:42:22.943088646 +0200 +++ lib/dns/rdata.c 2017-05-05 15:42:26.466428703 +0200 @@ -1577,8 +1577,8 @@ tl -= 4; continue; } - /* double quote, semi-colon, backslash */ - if (*sp == 0x22 || *sp == 0x3b || *sp == 0x5c) { + /* double quote, backslash */ + if (*sp == 0x22 || *sp == 0x5c) { if (tl < 2) return (ISC_R_NOSPACE); *tp++ = '\\';

I was wondering if I was correct in my assumption and if my patch is
indeed the right solution.
If this is indeed the right solution I hope this patch could be
applied upstream.

--
Have a great day,

Dion Bosschieter

dionbosschie...@gmail.com

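Review bot: In the `+ if (*sp == 0x22 || *sp == 0x5c) {` line, dropping `0x3b` is only safe while everything this loop emits ends up between double quotes, because an unquoted `;` starts a comment in master-file text. The replacement comment `/* double quote, backslash */` should state that assumption so the escape list is not later reused for unquoted output. Writing the two remaining tests as character literals instead of hex would make the list self-explanatory, and a round-trip test of a CAA value of `;` through text form and back would pin the behaviour.
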
Providing GeoIP information for servers
I am kind of tired of my systems being reported as being in Plymouth MI
instead of Oak Park MI. That is the best Comcast seems to be willing to
do for where my IP addresses (which are static) reside.

Is there any way to provide location information for a server via DNS
that would feed into GeoIP? For example, do LOC records work for this?

thanks

Re: Providing GeoIP information for servers
In message , Robert Moskowitz writes:
> I am kind of tired of my systems being reported as being in Plymouth MI
> instead of Oak Park MI. That is the best Comcast seems to be willing to
> do for where my IP addresses (which are static) reside.
>
> Is there any way to provide location information for a server via DNS
> that would feed into GeoIP? For example, do LOC records work for this?
>
> thanks

AFAIK Maxmind et al don't lookup LOC records. That being said if
enough people published LOC records they might start.

For Google you can update the location using an app which uses the
phone's GPS.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: Providing GeoIP information for servers
On 05/10/2017 05:41 PM, Mark Andrews wrote:
> In message , Robert Moskowitz writes:
>> I am kind of tired of my systems being reported as being in Plymouth MI
>> instead of Oak Park MI. That is the best Comcast seems to be willing to
>> do for where my IP addresses (which are static) reside.
>>
>> Is there any way to provide location information for a server via DNS
>> that would feed into GeoIP? For example, do LOC records work for this?
>>
>> thanks
> AFAIK Maxmind et al don't lookup LOC records. That being said if
> enough people published LOC records they might start.
>
> For Google you can update the location using an app which uses the
> phone's GPS.

I hate things that insist that I leave GPS on. I only turn it on when I
need it for directions or for exercise mapping (same thing). The UofMich
weather app does not work without GPS on. I really need to complain to
them about that...

I will publish LOC records and see what happens

thanks Mark

RE: Providing GeoIP information for servers
From the it-could-be-worse department:

https://arstechnica.com/tech-policy/2016/08/kansas-couple-sues-ip-mapping-firm-for-turning-their-life-into-a-digital-hell/

I am more a fan of continental geolocation accuracy when it comes to IP addresses.

John

From: bind-users on behalf of Mark Andrews

> AFAIK Maxmind et al don't lookup LOC records. That being said if
> enough people published LOC records they might start.
>
> For Google you can update the location using an app which uses the
> phone's GPS.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: Providing GeoIP information for servers
In message <3cc295c2-1717-3af3-362a-66c708256...@htt-consult.com>, Robert Moskowitz writes:
>
>
> On 05/10/2017 05:41 PM, Mark Andrews wrote:
> > In message , Robert Moskowitz writes:
> >> I am kind of tired of my systems being reported as being in Plymouth MI
> >> instead of Oak Park MI. That is the best Comcast seems to be willing to
> >> do for where my IP addresses (which are static) reside.
> >>
> >> Is there any way to provide location information for a server via DNS
> >> that would feed into GeoIP? For example, do LOC records work for this?
> >>
> >> thanks
> > AFAIK Maxmind et al don't lookup LOC records. That being said if
> > enough people published LOC records they might start.
> >
> > For Google you can update the location using an app which uses the
> > phone's GPS.
>
> I hate things that insist that I leave GPS on. I only turn it on when I
> need it for directions or for exercise mapping (same thing). The UofMich
> weather app does not work without GPS on. I really need to complain to
> them about that...

The point of the app is to update the geo location data and it uses the
phone's gps to provide reliable data for that update. You don't need
to leave it on. Once the update is sent you can turn it off.

> I will publish LOC records and see what happens
>
> thanks Mark
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: Sign zone escapes semicolon for RR 257 (CAA) and RR 256 (URI)
"\;" and ";" are the same thing on the wire. To get a '\' you need
to to '\\'. RFC 1035 fails to properly describe a quoting mechanism
that works as it leaves out details like to get a \ you need to escape
the \ like \\.

That said we can remove the backslash in this case.

In message , Dion Bosschieter writes:
> Hi,
>
> Whenever I try to sign a zone (using dnssec-signzone) with a CAA
> record in it that has a semicolon in the value part of the RDATA like
> the following RDATA:
>
> 0 issue ";"
>
> Bind escapes the semicolon so the signed zonefile will have the
> following RDATA for the same CAA record:
>
> 0 issue "\;"
>
> Even though a semicolon should not be escaped when it is inside a
> quoted string, like in the example (reference:
> https://tools.ietf.org/html/rfc1035#page-35).
>
> is expressed in one or two ways: as a contiguous set
> of characters without interior spaces, or as a string beginning with a "
> and ending with a ". Inside a " delimited string any character can
> occur, except for a " itself, which must be quoted using \ (back slash).
>
> I found out that this happens in the multitxt_totext function in file
> rdata.c as it matches a semicolon and escapes it.
>
> But this function always returns a quoted string, so the code should
> actually not escape a semicolon. The function multitxt_totext is only
> used in caa_257.c and uri_256.c.
>
> I applied the following patch which solves the issue:
> --- lib/dns/rdata.c.orig2017-05-05 15:42:22.943088646 +0200 > +++ lib/dns/rdata.c 2017-05-05 15:42:26.466428703 +0200
> @@ -1577,8 +1577,8 @@ > tl -= 4; > continue; > } > - /* double quote, semi-colon, backslash */ > - if (*sp == 0x22 || *sp == 0x3b || *sp == 0x5c) { > + /* double quote, backslash */ > + if (*sp == 0x22 || *sp == 0x5c) { > if (tl < 2) > return (ISC_R_NOSPACE); > *tp++ = '\\';
>
> I was wondering if I was correct in my assumption and if my patch is
> indeed the right solution.
> If this is indeed the right solution I hope this patch could be
> applied upstream.
>
> --
> Have a great day,
>
> Dion Bosschieter
>
> dionbosschie...@gmail.com

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
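
The point made in the reply above, that `"\;"` and `";"` are the same octet on the wire, shown as an added C example (not part of the thread and not BIND's code). `cs_decode` and `cs_encode` are hypothetical helper names, and the sample strings are constructed from the CAA value in the original post.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Decode a quoted <character-string>: \DDD is a decimal octet, \X is X; -1 on error. */
int cs_decode(const char *t, unsigned char *out, size_t outlen) {
    size_t n = 0;
    if (*t++ != '"') return -1;
    for (; *t != '"'; n++) {
        unsigned int c = (unsigned char)*t++;
        if (c == '\0' || n >= outlen) return -1;   /* unterminated or full */
        if (c == '\\' && isdigit((unsigned char)t[0])) {
            if (!isdigit((unsigned char)t[1]) || !isdigit((unsigned char)t[2])) return -1;
            c = (unsigned)((t[0] - '0') * 100 + (t[1] - '0') * 10 + (t[2] - '0'));
            t += 3;
        } else if (c == '\\') {
            c = (unsigned char)*t++;               /* \X means X itself */
            if (c == '\0') return -1;              /* dangling backslash */
        }
        if (c > 255) return -1;
        out[n] = (unsigned char)c;
    }
    return t[1] == '\0' ? (int)n : -1;
}

/* Encode octets in quotes, escaping only " and \ (as after the posted patch); -1 if too small. */
int cs_encode(const unsigned char *in, size_t inlen, char *out, size_t outlen) {
    size_t n = 0;
    if (outlen < 3) return -1;
    out[n++] = '"';
    for (size_t i = 0; i < inlen; i++) {
        if (n + 6 > outlen) return -1;             /* \DDD + closing quote + NUL */
        if (in[i] < 0x20 || in[i] >= 0x7f) {       /* non-printable octet: \DDD */
            n += (size_t)snprintf(out + n, outlen - n, "\\%03u", (unsigned)in[i]);
            continue;
        }
        if (in[i] == '"' || in[i] == '\\') out[n++] = '\\';
        out[n++] = (char)in[i];
    }
    out[n++] = '"';
    out[n] = '\0';
    return (int)n;
}

int main(void) {
    unsigned char a[8], b[8];                      /* constructed inputs: ";" and "\;" */
    int na = cs_decode("\";\"", a, sizeof a), nb = cs_decode("\"\\;\"", b, sizeof b);
    printf("same wire octets: %d\n", na > 0 && na == nb && memcmp(a, b, (size_t)na) == 0);
    return 0;
}
```

Because the decoder accepts both spellings, zone files written before and after the change load to identical RDATA; only the text form differs.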