Dig for link-local

Alok Raj alok.raj at spanservices.com
Mon Mar 25 12:16:08 UTC 2013 

Hi Sten,

Had tried with packet capture (WireShark), there is no request going out at all, so checking @ server side would not help, I suppose.
I referred book (IPv6 Advanced Protocols Implementation<http://read.pudn.com/downloads93/ebook/368831/IPv6ProtocolsImplementation/ipv6-advanced-protocols-implementation-the-morgan-kaufmann-series-in-networking.9780123704795.28081.pdf>), under section 3.4.7, authors mention about IPV6 reverse lookup, and say that link-local address should be ignored and a negative response is sent.  I am not sure the same is implemented for forward lookup too.

After trying out with dig/nslookup/host, I got confused how it is working there?

Glibc-resolver routines too use BIND, I suppose.

Thanks,
Alok

--Excerpts  from the book--
Ignore Link-Local Addresses
Listing 3-44
name6.c
1443 static struct hostent *
1444 _dns_ghbyaddr(const void *addr, int addrlen, int af, int *errp)
1445 {
1446 int n;
1447 struct hostent *hp;
1448 u_char c, *cp;
1449 char *bp;
1450 struct hostent hbuf;
1451 int na;
1453 static const char hex[] = "0123456789abcdef";
1455 querybuf *buf;
1456 char qbuf[MAXDNAME+1];
1457 char *hlist[2];
1458 char *tld6[
] = { "ip6.arpa", "ip6.int", NULL };
1459 char *tld4[
] = { "in-addr.arpa", NULL };
1460 char **tld;
1461
1463 /* XXX */
1464 if (af == AF_INET6 && IN6_IS_ADDR_LINKLOCAL((struct in6_addr *)addr))
1465 return NULL;
name6.c
1464-1465
If the given address is an IPv6 link-local address, a negative response is returned
without sending DNS queries. This check is actually meaningless, because all callers of
the function do the same check in this implementation



From: Sten Carlsen [mailto:stenc at s-carlsen.dk]
Sent: Monday, March 25, 2013 5:13 PM
To: Alok Raj
Cc: carlos at lacnic.net; Bryan Harris; bind-users at lists.isc.org
Subject: Re: Dig for link-local

One question is whether the server will listen and reply on all addresses or only on the global address?

I suggest you look into the log file from the server, often there are good clues there.

On 25/03/13 10:19, Alok Raj wrote:

Hi Guys,



Basically I am trying to do the following:



  1) If I use link-local ipv6 address (of domain controller) in my resolv.conf, my resolver routines (glibc 2.13) is not able to resolve a domain name to an ip address, though I am able to ping that link-

       local ipv6 address.

  2) If I use global ipv6 address(of domain controller) in my resolv.conf, it works fine!

  3) So I wondered, how dig/nslookup/host- commands are able to get a name resolved when there is only one entry @ /etc/resolv.conf and that entry is an ipv6 link-local address of domain

      controller.

  4) I have downloaded the BIND9 code and am looking into it.

  5) Similarly if I ping using ping6, my domain name gets resolved if global ipv6 address in resolv.conf; not resolved if link-local ipv6 address.



If my doubts sound trivial, I am sorry, I am very new to the above concepts.



Thanks,

Alok







-----Original Message-----

From: bind-users-bounces+alok.raj=spanservices.com at lists.isc.org<mailto:bind-users-bounces+alok.raj=spanservices.com at lists.isc.org> [mailto:bind-users-bounces+alok.raj=spanservices.com at lists.isc.org] On Behalf Of Carlos M. Martinez

Sent: Friday, March 22, 2013 9:57 PM

To: Bryan Harris

Cc: bind-users at lists.isc.org<mailto:bind-users at lists.isc.org>

Subject: Re: Dig for link-local



Transport has nothing to do with content in DNS. If your client asks for an AAAA record it will get the appropriate answer according to the zone's records (a value or an error condition) regardless on whether the query was made over IPv6 or IPv4.



That said, you can 'hack' around this expected behavior (see 'no AAAA on

ipv4') in order to help hosts with broken IPv6 connectivity, but you have to enable it.



regards,



~Carlos



On 3/22/13 1:19 PM, Bryan Harris wrote:

Hello,



On Mar 22, 2013, at 12:13 PM, Kevin Darcy <kcd at chrysler.com><mailto:kcd at chrysler.com> wrote:



I'm not sure what you're asking, exactly. Are you surprised that named would respond on an IPv6 link-local address if configured with "listen-on-v6 { any; };"?



Can an ipv4-only server give an ipv6 address as part of an overall

answer to a dig?  E.g. Our servers recurse to get outside addresses,

and when I query for www.google.com<http://www.google.com> one of the addresses is ip6



Bryan

_______________________________________________

Please visit https://lists.isc.org/mailman/listinfo/bind-users to

unsubscribe from this list



bind-users mailing list

bind-users at lists.isc.org<mailto:bind-users at lists.isc.org>

https://lists.isc.org/mailman/listinfo/bind-users



_______________________________________________

Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list



bind-users mailing list

bind-users at lists.isc.org<mailto:bind-users at lists.isc.org>

https://lists.isc.org/mailman/listinfo/bind-users

DISCLAIMER: This email message and all attachments are confidential and may contain information that is Privileged, Confidential or exempt from disclosure under applicable law. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited.  If you have received this email in error, please notify us immediately by return email to mailadmin at spanservices.com<mailto:mailadmin at spanservices.com> and destroy the original message.  Opinions, conclusions and other information in this message that do not relate to the official of SPAN, shall be understood to be nether given nor endorsed by SPAN.



_______________________________________________

Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list



bind-users mailing list

bind-users at lists.isc.org<mailto:bind-users at lists.isc.org>

https://lists.isc.org/mailman/listinfo/bind-users



--

Best regards



Sten Carlsen



No improvements come from shouting:

       "MALE BOVINE MANURE!!!"
DISCLAIMER: This email message and all attachments are confidential and may contain information that is Privileged, Confidential or exempt from disclosure under applicable law. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited.  If you have received this email in error, please notify us immediately by return email to mailadmin at spanservices.com and destroy the original message.  Opinions, conclusions and other information in this message that do not relate to the official of SPAN, shall be understood to be nether given nor endorsed by SPAN.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130325/18365135/attachment.html>

More information about the bind-users mailing list