BIND9 and AS112

Discussion:

BIND9 and AS112

Diarmuid O Briain

2018-03-09 09:32:41 UTC

Hi,

I have been following RFC7534 to setup an AS112 Service. I am getting the
following errors from *systemctl* status, what do they mean ?

Mar 09 08:11:43 as112 named[3787]: ../../../../lib/isc/unix/socket.c:2104:
unexpected error:
Mar 09 08:11:43 as112 named[3787]: internal_send: 2620:4f:8000::42#53:
Invalid argument
Mar 09 08:11:43 as112 named[3787]: ../../../../lib/isc/unix/socket.c:2104:
unexpected error:
Mar 09 08:11:43 as112 named[3787]: internal_send: 192.175.48.42#53: Invalid
argument
Mar 09 08:11:43 as112 named[3787]: ../../../../lib/isc/unix/socket.c:2104:
unexpected error:
Mar 09 08:11:43 as112 named[3787]: internal_send: 2620:4f:8000::42#53:
Invalid argument
Mar 09 08:11:43 as112 named[3787]: ../../../../lib/isc/unix/socket.c:2104:
unexpected error:
Mar 09 08:11:43 as112 named[3787]: internal_send: 192.175.48.42#53: Invalid
argument
Mar 09 08:11:43 as112 named[3787]: ../../../../lib/isc/unix/socket.c:2104:
unexpected error:
Mar 09 08:11:43 as112 named[3787]: internal_send: 2620:4f:8000::42#53:
Invalid argument

regards,

Diarmuid

--

*Irish by birth, located in Uganda but Munster by the grace of God.*

Ray Bellis

2018-03-09 12:01:19 UTC

Permalink

Post by Diarmuid O Briain
Hi,
I have been following RFC7534 to setup an AS112 Service. I am getting
the following errors from /*systemctl*/ status, what do they mean ?
Invalid argument

Do you have functioning IPv6 connectivity?

The errors suggest that you don't, but that your named.conf is expecting
that you do.

Ray

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/

Diarmuid O Briain

2018-03-09 12:28:18 UTC

Permalink

Ray,

(1)
Ah that makes sense. When you say functioning I am presuming you mean to
the public Internet and not just in my testbed ? I have IPv6 configured on
the testbed nameserver too but I guess only for internal testbed IP
addresses. The AS112 server much be checking the anycast addresses
associated with that service ?

(2)
I guess therefore that I have the server working and that these are the
only errors. The basic unicast tests on my AS112 server (199.9.9.204/
2a99:9:9::204) are working:

***@lxd1:~$ *dig @199.9.9.204 <http://199.9.9.204/> -x 192.168.10.1*
Returns a QUERY, status: *NXDOMAIN*

***@lxd1:~$ *dig -6 @2a99:9:9::204 netlabsug.tst. AAAA*
Returns a QUERY, status: *REFUSED*

However quite frankly I do not get how the AS112 service is accessed via
anycast. So if I do a reverse-lookup to the IXP DNS server (199.9.9.201/
2a99:9:9::201) that is for a private IP address.

***@lxd1:~$ *dig @199.9.9.201 <http://199.9.9.201/> -x 192.168.10.1*
Returns a QUERY, status: *NXDOMAIN*

I also get an NXDOMAIN response. When I monitor that on the IXP DNS server I
see:

*09-Mar-2018 08:47:43.710 client 199.9.9.100#48061
(1.10.168.192.in-addr.arpa): query: 1.10.168.192.in-addr.arpa IN PTR +E
(199.9.9.201)*

If I disable the AS112 service

***@as112:~$ *sudo systemctl stop bind9.service*

and perform the same test to the IXP DNS.

*09-Mar-2018 08:49:39.230 client 199.9.9.100#43253
(1.10.168.192.in-addr.arpa): query: 1.10.168.192.in-addr.arpa IN PTR +E
(199.9.9.201)*

I am not sure how this decision is actually made by BIND. I have
logging set to *debug* and enabled most logging categories but no more
information is popping into the log to enlighten me.

(3)
Another thing that is confusing me is the fact that the* named.conf *file
in RFC7534 has no IPv6 zones directed to *db.db-empty*.

Any ideas ?

thanks for your help.

regards,

Diarmuid

--

*Irish by birth, located in Uganda but Munster by the grace of God.*

Post by Ray Bellis

Post by Diarmuid O Briain
Hi,
I have been following RFC7534 to setup an AS112 Service. I am getting
the following errors from /*systemctl*/ status, what do they mean ?
Invalid argument

Do you have functioning IPv6 connectivity?
The errors suggest that you don't, but that your named.conf is expecting
that you do.
Ray
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
bind-users mailing list
https://lists.isc.org/mailman/listinfo/bind-users

Stephane Bortzmeyer

2018-03-09 13:34:33 UTC

Permalink

On Fri, Mar 09, 2018 at 03:28:18PM +0300,

Post by Diarmuid O Briain
However quite frankly I do not get how the AS112 service is accessed via
anycast.

Did you configure your routing as mentioned in section 3.4 of RFC 7534?

Post by Diarmuid O Briain
Another thing that is confusing me is the fact that the* named.conf *file
in RFC7534 has no IPv6 zones directed to *db.db-empty*.

You mean ip6.arpa zones? They were not important when AS112 was
launched and, now, there is no way to add zones to the old AS
112. But, yes, they should, IMHO, be DNAME-delegated to
empty.as112.arpa.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Stephane Bortzmeyer

2018-03-09 12:37:40 UTC

Permalink

On Fri, Mar 09, 2018 at 12:32:41PM +0300,

Post by Diarmuid O Briain
Invalid argument
Mar 09 08:11:43 as112 named[3787]: internal_send: 192.175.48.42#53: Invalid
argument

I suspect that your machine is not configured for these IP
addresses. See with ifconfig or ip addr show.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Havard Eidnes

2018-10-22 08:43:28 UTC

Permalink

Hi,

Post by Stephane Bortzmeyer
On Fri, Mar 09, 2018 at 12:32:41PM +0300,

Mar 09 08:11:43 as112 named[3787]: internal_send: 2620:4f:8000::42#53: Invalid argument
Mar 09 08:11:43 as112 named[3787]: internal_send: 192.175.48.42#53: Invalid argument

I suspect that your machine is not configured for these IP
addresses. See with ifconfig or ip addr show.

Diarmuid didn't say what platform he's running BIND on. This may
make a difference wrt. a bug I recently stumbled over:

https://gitlab.isc.org/isc-projects/bind9/issues/589

This will typically hit the BSD lineage of OSes (NetBSD in my
case), which will refuse to apply an IPv6 control header on a
socket used for IPv4. The particular symptom is that attempts to
send a message over 1432 bytes in size over IPv4/UDP will cause
the above error message and the message to be dropped.

What's up with the IPv6 error message I do not know.

Best regards,

- Håvard
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Continue reading on narkive:

Search results for 'BIND9 and AS112' (Questions and Answers)

replies

How to bind off stitches twice.?

started 2011-06-08 13:31:09 UTC

hobbies & crafts

replies

According to Jesus, we can all bind things on earth and Heaven not just Peter. So what does this binding mean?

started 2008-02-25 10:47:52 UTC

religion & spirituality

replies

Can someone please explain what a bind is ( My friend has a snake like tattoo on her forehead)?