2012-12-21
Attention: this item is more than 5 years old, links can be broken and information can have been updated.
The posting Completely different: BIND 10 - Jan-Piet Mens triggered me to have a look at my resolver/authoritative setup at home. I was running only bind 9, both as authoritative server for several zones and as resolver for home systems, but I decided to test a setup with those functions split. For fun I tried it with recursion in pdns-recursor, part of PowerDNS, while keeping bind9 for the authoritative server.

I had to select the right IPv6 and IPv4 addresses for authoritative and resolving servers. I do have enough addresses at home thanks to IPv6 and IPv4-with-NAT to do this, but I have to select the right ones. The server at home is known as ns2.idefix.net so the choice of addresses for the authoritative server is easy. So the relevant part of the bind9 configuration in named.conf:

    listen-on-v6 {
        2001:980:14ca:42::694; # auth ext
    };
    listen-on {
        82.95.196.202; # auth ext
    };

And the pdns-recursor in recursor.conf is set up like:

    # local-address IP addresses to listen on, separated by spaces or commas
    #
    local-address=127.0.0.1,2001:980:14ca:42::18,10.42.2.1,::1

It took a bit of pondering which process got to listen on the v4/v6 localhost address, but I think the resolver is the best candidate. The resolver advertised in radvd.conf has been adjusted.

The next thing to set up was a certain set of zones that the recursor can't find on the Internet, so they need to be requested directly from the authoritative bind9 server. I configured this in recursor.conf like:

    forward-zones=koos.koffie.dot=82.95.196.202,10.in-addr.arpa=82.95.196.202,a.c.4.1.0.8.9.0.1.0.0.2.ip6.arpa=82.95.196.202

I tried this with the IPv6 addresses for the authoritative server but this makes pdns-recursor not answer at all, so I reverted to IPv4 for the moment until I understand what is going wrong and why.

Testing this makes pdns-recursor hang for other queries too, so for full debugging I need to test this in a way that doesn't affect the rest of my home network. From the command-line the requests work over both IPv6 and IPv4. Enabling query-logging in bind9 doesn't show those requests coming in.

Update: If I read things correctly, forward-zones with IPv6 support only came in powerdns-recursor 3.2, and Ubuntu 8.04 comes with pdns-recursor 3.1.4. Switching to pdns-recursor from hardy-backports upgrades to 3.3-2~hardy1 and forward-zones starts working over IPv6. Less legacy IP, more IPv6!

    forward-zones=koos.koffie.dot=2001:980:14ca:42::694,10.in-addr.arpa=2001:980:14ca:42::694,a.c.4.1.0.8.9.0.1.0.0.2.ip6.arpa=2001:980:14ca:42::694

And it works.
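A pre-flight check for the failure described above, as an added example that is not part of the original post or of PowerDNS: it parses a forward-zones value and lists the IPv6 forwarders that a given pdns-recursor version would not handle. The 3.2 threshold is the post's own reading, the function names are hypothetical, and targets are assumed to be bare addresses without a port suffix.

```python
import ipaddress

# Per the post's reading: forward-zones gained IPv6 support in pdns-recursor 3.2.
IPV6_FORWARD_MIN = (3, 2)

# The two forward-zones values quoted in the post.
V4_FORWARD = ("koos.koffie.dot=82.95.196.202,10.in-addr.arpa=82.95.196.202,"
              "a.c.4.1.0.8.9.0.1.0.0.2.ip6.arpa=82.95.196.202")
V6_FORWARD = V4_FORWARD.replace("82.95.196.202", "2001:980:14ca:42::694")


def parse_version(text):
    """Reduce a package version to (major, minor): '3.3-2~hardy1' -> (3, 3)."""
    upstream = text.split("-", 1)[0]          # drop the Debian revision
    major, minor = upstream.split(".")[:2]
    return int(major), int(minor)


def parse_forward_zones(value):
    """Return [(zone, [address, ...]), ...] from a forward-zones value."""
    zones = []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        zone, sep, targets = entry.partition("=")
        if not sep or not zone.strip() or not targets.strip():
            raise ValueError(f"malformed forward-zones entry: {entry!r}")
        # ';' separates multiple forwarders for one zone; ip_address()
        # raises ValueError on anything that is not a bare IPv4/IPv6 address.
        addrs = [ipaddress.ip_address(t.strip())
                 for t in targets.split(";") if t.strip()]
        zones.append((zone.strip(), addrs))
    return zones


def unsupported_forwarders(value, recursor_version):
    """List (zone, address) pairs this recursor version cannot forward to."""
    if parse_version(recursor_version) >= IPV6_FORWARD_MIN:
        return []
    return [(zone, str(addr))
            for zone, addrs in parse_forward_zones(value)
            for addr in addrs if addr.version == 6]


if __name__ == "__main__":
    for version in ("3.1.4", "3.3-2~hardy1"):
        for zone, addr in unsupported_forwarders(V6_FORWARD, version):
            print(f"pdns-recursor {version}: {zone} -> {addr} needs >= 3.2")
```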