Report information
The Basics
Id:
45275
Status:
new
Priority:
Medium/Medium
Queue:
bind9-public
People
Owner:
Nobody in particular
Requestors:
Mark Andrews <marka@isc.org>
Cc:
AdminCc:
BugTracker
Version Fixed:
(no value)
Version Found:
(no value)
Versions Affected:
(no value)
Versions Planned:
(no value)
Priority:
P2 Normal
Severity:
S2 Normal
CVSS Score:
(no value)
CVE ID:
(no value)
Component:
BIND Server
Area:
bug
Dates
Created:Tue, 23 May 2017 01:04:45 -0400
Updated:Tue, 25 Jul 2017 11:18:27 -0400
Closed:Not set

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History
  Tue, 23 May 2017 01:04:45 -0400 Mark Andrews <marka@isc.org> - Ticket created
Subject: Check dns64 reverse zone against configured zones.
Date: Tue, 23 May 2017 15:03:21 +1000
To: bind9-bugs@isc.org
From: "Mark Andrews" <marka@isc.org>

In lib/bind9/check.c check that the dns64 reverse zone does not match a explictly configured zone. Log a duplicate zone error if it does. This will fix named-checkconf and named.
Subject: Re: How to generate authoritative DNS64 reverse zone
Date: Mon, 22 May 2017 11:42:43 +0300
To: bind-users@isc.org
From: "Aleksi Suhonen" <bind-users-2017@ssd.axu.tm>

Hi, On 05/20/2017 01:48 AM, Mark Andrews wrote: > In message <57bf558b-f4eb-f2e4-c27c-9447ff4dd8c1@axu.tm>, Aleksi Suhonen writes: >> So how do I configure Bind9 to generate one authoritative DNS64 reverse >> zone that contains CNAMEs to in-addr.arpa, but otherwise not mess with >> anything? > You should delegate > 1.0.0.0.0.0.0.0.2.3.B.D.0.B.2.0.C.7.6.0.1.0.0.2.IP6.ARPA normally. > This will let everyone in the world find the CNAME records. This > should be done even if you are just doing it for your recursive > clients. I created the delegation, tried the below config and created an empty zone file for the above delegation. Rndc reconfig gave the following error: 22-May-2017 07:58:13.534 general: error: reloading configuration failed: already exists This was the entirety of the error message. > If you don't want A to AAAA mappings to happen then turn off the > DNS64 mapping for everyone on the server. > dns64 2001:67c:2b0:db32:0:1::/96 { > clients { none; } > }; When I removed the empty master zone, the error message went away. So it seems that the dns64 declaration implicitly creates a new zone in Bind. Makes sense. This could be added to documentation? I think the above error message should also be improved, as it gave no indication as to *what* exists already. I could have saved about an hour of wondering what the hell is wrong with my config change, if the error message was a bit more wordy. :-) In hind sight, I guess I could have turned on debugging and seen what messages would be generated then, but I suspect there would have been too many messages for me to process. Anyway, thanks for the help. -- Aleksi Suhonen / Axu TM Oy Internetworking Consulting Cellular: +358 44 975 6548 World Wide Web: www.axu.tm _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Fri, 26 May 2017 05:50:57 -0400 Stephen Morris <stephen@isc.org> - Priority P2 Normal added
Fri, 26 May 2017 05:50:57 -0400 Stephen Morris <stephen@isc.org> - Severity S2 Normal added
Fri, 26 May 2017 05:50:57 -0400 Stephen Morris <stephen@isc.org> - Area bug added
Fri, 26 May 2017 05:50:57 -0400 Stephen Morris <stephen@isc.org> - Component BIND Server added
Tue, 25 Jul 2017 11:18:27 -0400 Vicky Risk <vicky@isc.org> - Queue changed from #6 to bind9-public