Re: Reverse lookups not working when Internet connection failed.

2022-11-06 Thread Matus UHLAR - fantomas

On 05.11.22 09:58, David Alexandre M. de Carvalho via bind-users wrote:

Thank you all for the replies.
For what I understand after reading your replies (I might be wrong :) ), 
reverse lookups fail when I have no outgoing
connection because some caching or transfer is needed from 
66.136.193.in-addr.arpa., which I don't control. This
is divided in several networks, 2 of them under my control.


correct. Admin of that zone is supposed to:

1.  create proper CNAME records:

0.66.136.193.in-addr.arpa. CNAME 0.0-28.66.136.193.in-addr.arpa. 
...

15.66.136.193.in-addr.arpa. CNAME 15.0-28.66.136.193.in-addr.arpa.

2. delegate 0-28.66.136.193.in-addr.arpa. to your servers, make their 
servers secondary for this zone (optional)


3. allow your servers to fetch 66.136.193.in-addr.arpa.

step 1. creates proper aliases
step 2. creates working delegation
step 3. allows you to see reverse records when your connection is down.

alternatively they can choose to 0/28.66.136.193.in-addr.arpa. or 
0-15.66.136.193.in-addr.arpa.
instead of 0-28.66.136.193.in-addr.arpa.

I'll have to read more carefully your suggestions to see if I find an 
alternative way to achieve this only by modifying my zone files, without 
messing up my current setup.  I'll let you know how it goes.



On 11/4/22 2:07 PM, Mark Andrews wrote:

Any ISP that offers these delegations should be allowing their
customers to transfer the zone that contains the CNAMEs for the
customer address space by default.


I've had enough trouble getting ISPs to support 2317 delegation period.
I think that asking them to allow me to do a zone transfer would have
been a hard no.

I certainly don't think this would be allowed /by/ /default/.

I just checked and § 5.1 of RFC 2317 mentioned having the parent do a
secondary zone transfer of the child zone.  But I don't see any mention
of the child doing a secondary zone transfer of the parent zone.

I think that would be a good idea.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
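
The parent-zone records from steps 1 and 2 of the message above, generated for any block longer than /24 and for the three label styles mentioned in the thread. This is an added example, not part of the original posts; the name server name `ns1.customer.example.` and the function names are assumptions made for illustration.

```python
import ipaddress

def rfc2317_parent_records(cidr, nameservers, style="hyphen", label=None):
    """Build the NS and CNAME records the parent /24 reverse zone must hold."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects misaligned blocks
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("expected an IPv4 block between /25 and /31")
    octets = str(net.network_address).split(".")
    parent = ".".join(reversed(octets[:3])) + ".in-addr.arpa."
    first = int(octets[3])
    last = first + net.num_addresses - 1
    if label is None:
        label = {
            "hyphen": f"{first}-{net.prefixlen}",  # 0-28
            "slash": f"{first}/{net.prefixlen}",   # 0/28
            "range": f"{first}-{last}",            # 0-15
        }[style]
    child = f"{label}.{parent}"
    # Step 2: delegate the intermediate zone to the customer's servers.
    lines = [f"{child} NS {ns}" for ns in nameservers]
    # Step 1: one CNAME per address, pointing into the delegated zone.
    lines += [f"{i}.{parent} CNAME {i}.{child}" for i in range(first, last + 1)]
    return child, lines

def follow_alias(ip, parent_lines):
    """Return the name a resolver is redirected to for ip, or None.

    The CNAME is served by the parent zone, so this first hop depends on
    the parent's data being reachable or held locally (step 3).
    """
    owner = ipaddress.ip_address(ip).reverse_pointer + "."
    for line in parent_lines:
        name, rtype, target = line.split()
        if rtype == "CNAME" and name == owner:
            return target
    return None

if __name__ == "__main__":
    # Constructed input: the /28 discussed in the thread, hypothetical server.
    zone, records = rfc2317_parent_records(
        "193.136.66.0/28", ["ns1.customer.example."])
    print("; delegated zone:", zone)
    print("\n".join(records))
    print("; 193.136.66.5 ->", follow_alias("193.136.66.5", records))
```
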


Unexpected extra care needed for building BIND 9.18.8

2022-11-06 Thread Niall O'Reilly

Building BIND 9.18.8 from source seems to need

./configure; LD_RUN_PATH=/usr/local/lib make; sudo make install

instead of the traditional

./configure; make; sudo make install

Using the traditional recipe, I obtained the run-time error message

named: error while loading shared libraries: libisc-9.18.8.so: cannot 
open shared object file: No such file or directory


Is this as intended?

I would have expected that ./configure (or the machinery
it invokes) would take care of propagating ${exec_prefix}/lib
to LD_RUN_PATH at the relevant stage.

/Niall


Re: Unexpected extra care needed for building BIND 9.18.8

2022-11-06 Thread Ondřej Surý
> Is this as intended?

Nope, that’s local to your system. Hard to tell what’s wrong from just a single 
message, but either there’s cruft somewhere in the path with more priority or 
your dynamic linker configuration is wrong. Inspecting the binary that’s 
failing with `libtool --mode=execute ldd` might give you some hints.

Ondrej 
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.

> On 6. 11. 2022, at 16:27, Niall O'Reilly  wrote:
> 
> Building BIND 9.18.8 from source seems to need
> 
> ./configure; LD_RUN_PATH=/usr/local/lib make; sudo make install
> 
> instead of the traditional
> 
> ./configure; make; sudo make install
> 
> Using the traditional recipe, I obtained the run-time error message
> 
> named: error while loading shared libraries: libisc-9.18.8.so: cannot open 
> shared object file: No such file or directory
> 
> Is this as intended?
> 
> I would have expected that ./configure (or the machinery
> it invokes) would take care of propagating ${exec_prefix}/lib
> to LD_RUN_PATH at the relevant stage.
> 
> /Niall


Re: Reverse lookups not working when Internet connection failed.

2022-11-06 Thread Carl Byington via bind-users

On Sun, 2022-11-06 at 14:39 +0100, Matus UHLAR - fantomas wrote:
> alternatively they can choose to 0/28.66.136.193.in-addr.arpa. or
> 0-15.66.136.193.in-addr.arpa.
> instead of 0-28.66.136.193.in-addr.arpa.

or use $clientname.66.136.193.in-addr.arpa. as the intermediate zone
which has a slight advantage when the same client has multiple disjoint
parts of the same /24.




Re: Reverse lookups not working when Internet connection failed.

2022-11-06 Thread Grant Taylor via bind-users

On 11/6/22 11:12 AM, Carl Byington via bind-users wrote:
or use $clientname.66.136.193.in-addr.arpa. as the intermediate zone 
which has a slight advantage when the same client has multiple disjoint 
parts of the same /24.


I find that $CLIENTNAME or some other stand in for the client is a 
potential for information leak.


There is nothing inherent in the CNAME to non-identifying RNAMEs that 
leaks any client identifying information.


Conversely the client is in charge of what information they put in the 
sub-zone, so it's not the ISP leaking client identifying information.




--
Grant. . . .
unix || die





Re: Reverse lookups not working when Internet connection failed.

2022-11-06 Thread Grant Taylor via bind-users

On 11/6/22 6:39 AM, Matus UHLAR - fantomas wrote:

3. allow your servers to fetch 66.136.193.in-addr.arpa.


Is this 3rd step documented somewhere?

I searched for it in RFC 2317 but didn't find it.  Maybe I overlooked it.

alternatively they can choose to 0/28.66.136.193.in-addr.arpa. or 
0-15.66.136.193.in-addr.arpa.  instead of 0-28.66.136.193.in-addr.arpa.


N.B. I've had some problems with the forward slash character "/" in 
domain names multiple times in the past.  I'd stick with the hyphen "-" 
for compatibility.




--
Grant. . . .
unix || die


